@adcp/sdk 8.1.0-beta.15 → 8.1.0-beta.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/lib/schemas-data/v2.5/_provenance.json +1 -1
- package/dist/lib/signing/canonicalize.d.ts +33 -0
- package/dist/lib/signing/canonicalize.d.ts.map +1 -1
- package/dist/lib/signing/canonicalize.js +67 -3
- package/dist/lib/signing/canonicalize.js.map +1 -1
- package/dist/lib/signing/client.d.ts +5 -5
- package/dist/lib/signing/client.d.ts.map +1 -1
- package/dist/lib/signing/client.js +10 -1
- package/dist/lib/signing/client.js.map +1 -1
- package/dist/lib/signing/errors.d.ts +6 -0
- package/dist/lib/signing/errors.d.ts.map +1 -1
- package/dist/lib/signing/errors.js +11 -1
- package/dist/lib/signing/errors.js.map +1 -1
- package/dist/lib/signing/jwks-helpers.d.ts +3 -1
- package/dist/lib/signing/jwks-helpers.d.ts.map +1 -1
- package/dist/lib/signing/jwks-helpers.js +6 -1
- package/dist/lib/signing/jwks-helpers.js.map +1 -1
- package/dist/lib/signing/parser.js +2 -2
- package/dist/lib/signing/parser.js.map +1 -1
- package/dist/lib/signing/provider.d.ts +10 -7
- package/dist/lib/signing/provider.d.ts.map +1 -1
- package/dist/lib/signing/server.d.ts +5 -3
- package/dist/lib/signing/server.d.ts.map +1 -1
- package/dist/lib/signing/server.js +12 -1
- package/dist/lib/signing/server.js.map +1 -1
- package/dist/lib/signing/signer-async.d.ts +7 -2
- package/dist/lib/signing/signer-async.d.ts.map +1 -1
- package/dist/lib/signing/signer-async.js +11 -0
- package/dist/lib/signing/signer-async.js.map +1 -1
- package/dist/lib/signing/signer.d.ts +55 -2
- package/dist/lib/signing/signer.d.ts.map +1 -1
- package/dist/lib/signing/signer.js +59 -2
- package/dist/lib/signing/signer.js.map +1 -1
- package/dist/lib/signing/testing.d.ts +1 -2
- package/dist/lib/signing/testing.d.ts.map +1 -1
- package/dist/lib/signing/testing.js.map +1 -1
- package/dist/lib/signing/types.d.ts +2 -0
- package/dist/lib/signing/types.d.ts.map +1 -1
- package/dist/lib/signing/types.js +8 -1
- package/dist/lib/signing/types.js.map +1 -1
- package/dist/lib/version.d.ts +3 -3
- package/dist/lib/version.js +3 -3
- package/package.json +1 -1
|
@@ -4,5 +4,5 @@
|
|
|
4
4
|
"source_sha": "4e553ad955f83b49c7d221ab5c3ff78237ad02e3",
|
|
5
5
|
"source_tarball_sha256": "580656d6466ef9f0d1119985e6726c2efea718dc671e2ad30957fcb2fd54af0f",
|
|
6
6
|
"upstream_adcp_version": "2.5.3",
|
|
7
|
-
"synced_at": "2026-05-
|
|
7
|
+
"synced_at": "2026-05-28T23:55:42.215Z"
|
|
8
8
|
}
|
|
@@ -4,6 +4,28 @@ export interface RequestLike {
|
|
|
4
4
|
headers: Record<string, string | string[] | undefined>;
|
|
5
5
|
body?: string;
|
|
6
6
|
}
|
|
7
|
+
/**
|
|
8
|
+
* RFC 9421 response-signing context. Carries the response status and
|
|
9
|
+
* headers/body, plus the originating request method + URL so derived
|
|
10
|
+
* components that bind back to the request context (`@method`,
|
|
11
|
+
* `@target-uri`, `@authority`) resolve correctly.
|
|
12
|
+
*/
|
|
13
|
+
export interface ResponseLike {
|
|
14
|
+
status: number;
|
|
15
|
+
headers: Record<string, string | string[] | undefined>;
|
|
16
|
+
body?: string;
|
|
17
|
+
/**
|
|
18
|
+
* Originating request context. `url` must be absolute because
|
|
19
|
+
* `@target-uri` and `@authority` are parsed with `new URL(...)`. Supply
|
|
20
|
+
* `headers` when signing request-qualified header components such as
|
|
21
|
+
* `authorization;req`.
|
|
22
|
+
*/
|
|
23
|
+
request: {
|
|
24
|
+
method: string;
|
|
25
|
+
url: string;
|
|
26
|
+
headers?: Record<string, string | string[] | undefined>;
|
|
27
|
+
};
|
|
28
|
+
}
|
|
7
29
|
export interface SignatureParams {
|
|
8
30
|
created: number;
|
|
9
31
|
expires: number;
|
|
@@ -26,6 +48,17 @@ export declare function getHeaderValue(headers: Record<string, string | string[]
|
|
|
26
48
|
* function formats from `params` using a fixed canonical order.
|
|
27
49
|
*/
|
|
28
50
|
export declare function buildSignatureBase(components: ReadonlyArray<string>, request: RequestLike, params: SignatureParams, signatureParamsValue?: string): string;
|
|
51
|
+
/**
|
|
52
|
+
* Build the RFC 9421 §2.5 signature base for a response.
|
|
53
|
+
*
|
|
54
|
+
* Resolves `@status` from `response.status`; request-qualified components
|
|
55
|
+
* such as `@method;req`, `@target-uri;req`, and `@authority;req` bind to
|
|
56
|
+
* `response.request`, request-qualified headers bind to
|
|
57
|
+
* `response.request.headers`, and response header components resolve against
|
|
58
|
+
* `response.headers`. `signatureParamsValue` has the same verifier-path
|
|
59
|
+
* meaning as in {@link buildSignatureBase}.
|
|
60
|
+
*/
|
|
61
|
+
export declare function buildResponseSignatureBase(components: ReadonlyArray<string>, response: ResponseLike, params: SignatureParams, signatureParamsValue?: string): string;
|
|
29
62
|
export declare function formatSignatureParams(components: ReadonlyArray<string>, params: SignatureParams): string;
|
|
30
63
|
/**
|
|
31
64
|
* Raw non-ASCII bytes in the URL authority (IDN U-label) are a parse-time
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/canonicalize.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAeD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAYzD;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAWzD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,EACtD,IAAI,EAAE,MAAM,GACX,MAAM,GAAG,SAAS,CAYpB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,eAAe,EACvB,oBAAoB,CAAC,EAAE,MAAM,GAC5B,MAAM,CAgBR;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,eAAe,GAAG,MAAM,CASxG;
|
|
1
|
+
{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/canonicalize.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd;;;;;OAKG;IACH,OAAO,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,CAAA;KAAE,CAAC;CACnG;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;CACb;AAeD,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAYzD;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAWzD;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC,EACtD,IAAI,EAAE,MAAM,GACX,MAAM,GAAG,SAAS,CAYpB;AAED;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EACjC,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,eAAe,EACvB,oBAAoB,CAAC,EAAE,MAAM,GAC5B,MAAM,CAgBR;AAED;;;;;;;;;GASG;AACH,wBAAgB,0BAA0B,CACxC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EACjC,QAAQ,EAAE,YAAY,EACtB,MAAM,EAAE,eAAe,EACvB,oBAAoB,CAAC,EAAE,MAAM,GAC5B,MAAM,CAsBR;AAED,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,eAAe,GAAG,MAAM,CASxG;AA6GD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAavD"}
|
|
@@ -5,6 +5,7 @@ exports.canonicalAuthority = canonicalAuthority;
|
|
|
5
5
|
exports.canonicalMethod = canonicalMethod;
|
|
6
6
|
exports.getHeaderValue = getHeaderValue;
|
|
7
7
|
exports.buildSignatureBase = buildSignatureBase;
|
|
8
|
+
exports.buildResponseSignatureBase = buildResponseSignatureBase;
|
|
8
9
|
exports.formatSignatureParams = formatSignatureParams;
|
|
9
10
|
exports.rejectNonAsciiHost = rejectNonAsciiHost;
|
|
10
11
|
const errors_1 = require("./errors");
|
|
@@ -17,7 +18,7 @@ const DEFAULT_PARAM_ORDER = [
|
|
|
17
18
|
'tag',
|
|
18
19
|
];
|
|
19
20
|
const STRING_PARAMS = new Set(['nonce', 'keyid', 'alg', 'tag']);
|
|
20
|
-
const SUPPORTED_DERIVED = new Set(['@method', '@target-uri', '@authority']);
|
|
21
|
+
const SUPPORTED_DERIVED = new Set(['@method', '@target-uri', '@authority', '@status']);
|
|
21
22
|
function canonicalTargetUri(rawUrl) {
|
|
22
23
|
rejectNonAsciiHost(rawUrl);
|
|
23
24
|
const u = new URL(rawUrl);
|
|
@@ -68,14 +69,43 @@ function buildSignatureBase(components, request, params, signatureParamsValue) {
|
|
|
68
69
|
if (value === undefined) {
|
|
69
70
|
throw new errors_1.RequestSignatureError('request_signature_components_incomplete', 6, `Covered component "${component}" not present in request`);
|
|
70
71
|
}
|
|
71
|
-
lines.push(
|
|
72
|
+
lines.push(`${formatComponentIdentifier(component)}: ${value}`);
|
|
73
|
+
}
|
|
74
|
+
const paramsString = signatureParamsValue ?? formatSignatureParams(components, params);
|
|
75
|
+
lines.push(`"@signature-params": ${paramsString}`);
|
|
76
|
+
return lines.join('\n');
|
|
77
|
+
}
|
|
78
|
+
/**
|
|
79
|
+
* Build the RFC 9421 §2.5 signature base for a response.
|
|
80
|
+
*
|
|
81
|
+
* Resolves `@status` from `response.status`; request-qualified components
|
|
82
|
+
* such as `@method;req`, `@target-uri;req`, and `@authority;req` bind to
|
|
83
|
+
* `response.request`, request-qualified headers bind to
|
|
84
|
+
* `response.request.headers`, and response header components resolve against
|
|
85
|
+
* `response.headers`. `signatureParamsValue` has the same verifier-path
|
|
86
|
+
* meaning as in {@link buildSignatureBase}.
|
|
87
|
+
*/
|
|
88
|
+
function buildResponseSignatureBase(components, response, params, signatureParamsValue) {
|
|
89
|
+
const requestView = {
|
|
90
|
+
method: response.request.method,
|
|
91
|
+
url: response.request.url,
|
|
92
|
+
headers: response.request.headers ?? {},
|
|
93
|
+
};
|
|
94
|
+
const lines = [];
|
|
95
|
+
for (const component of components) {
|
|
96
|
+
const { bare, requestBound } = parseComponentIdentifier(component);
|
|
97
|
+
const value = resolveResponseComponentValue(bare, requestBound, response, requestView);
|
|
98
|
+
if (value === undefined) {
|
|
99
|
+
throw new errors_1.RequestSignatureError('request_signature_components_incomplete', 6, `Covered component "${component}" not present in response`);
|
|
100
|
+
}
|
|
101
|
+
lines.push(`${formatComponentIdentifier(component)}: ${value}`);
|
|
72
102
|
}
|
|
73
103
|
const paramsString = signatureParamsValue ?? formatSignatureParams(components, params);
|
|
74
104
|
lines.push(`"@signature-params": ${paramsString}`);
|
|
75
105
|
return lines.join('\n');
|
|
76
106
|
}
|
|
77
107
|
function formatSignatureParams(components, params) {
|
|
78
|
-
const componentList = components.map(
|
|
108
|
+
const componentList = components.map(formatComponentIdentifier).join(' ');
|
|
79
109
|
const paramPairs = [];
|
|
80
110
|
for (const key of DEFAULT_PARAM_ORDER) {
|
|
81
111
|
const raw = params[key];
|
|
@@ -85,6 +115,38 @@ function formatSignatureParams(components, params) {
|
|
|
85
115
|
}
|
|
86
116
|
return `(${componentList});${paramPairs.join(';')}`;
|
|
87
117
|
}
|
|
118
|
+
function parseComponentIdentifier(component) {
|
|
119
|
+
if (!component.includes(';'))
|
|
120
|
+
return { bare: component, requestBound: false };
|
|
121
|
+
const [bare, ...params] = component.split(';');
|
|
122
|
+
const unsupported = params.filter(param => param !== 'req');
|
|
123
|
+
if (unsupported.length > 0) {
|
|
124
|
+
throw new errors_1.RequestSignatureError('request_signature_components_unexpected', 6, `Covered component "${component}" uses unsupported component parameters`);
|
|
125
|
+
}
|
|
126
|
+
return {
|
|
127
|
+
bare: bare ?? component,
|
|
128
|
+
requestBound: params.includes('req'),
|
|
129
|
+
};
|
|
130
|
+
}
|
|
131
|
+
function formatComponentIdentifier(component) {
|
|
132
|
+
const { bare, requestBound } = parseComponentIdentifier(component);
|
|
133
|
+
return `"${bare}"${requestBound ? ';req' : ''}`;
|
|
134
|
+
}
|
|
135
|
+
function resolveResponseComponentValue(bare, requestBound, response, requestView) {
|
|
136
|
+
if (bare === '@status') {
|
|
137
|
+
if (requestBound) {
|
|
138
|
+
throw new errors_1.RequestSignatureError('request_signature_components_unexpected', 6, '"@status" cannot use the request-bound ;req parameter');
|
|
139
|
+
}
|
|
140
|
+
return String(response.status);
|
|
141
|
+
}
|
|
142
|
+
if (bare.startsWith('@')) {
|
|
143
|
+
if (!requestBound) {
|
|
144
|
+
throw new errors_1.RequestSignatureError('request_signature_components_unexpected', 6, `Response derived component "${bare}" must use the request-bound ;req parameter`);
|
|
145
|
+
}
|
|
146
|
+
return resolveComponentValue(bare, requestView);
|
|
147
|
+
}
|
|
148
|
+
return getHeaderValue(requestBound ? requestView.headers : response.headers, bare);
|
|
149
|
+
}
|
|
88
150
|
function resolveComponentValue(component, request) {
|
|
89
151
|
if (component.startsWith('@')) {
|
|
90
152
|
if (!SUPPORTED_DERIVED.has(component)) {
|
|
@@ -97,6 +159,8 @@ function resolveComponentValue(component, request) {
|
|
|
97
159
|
return canonicalTargetUri(request.url);
|
|
98
160
|
case '@authority':
|
|
99
161
|
return canonicalAuthority(request.url);
|
|
162
|
+
case '@status':
|
|
163
|
+
throw new errors_1.RequestSignatureError('request_signature_components_unexpected', 6, '"@status" is only valid in response-signing context; use buildResponseSignatureBase');
|
|
100
164
|
}
|
|
101
165
|
}
|
|
102
166
|
return getHeaderValue(request.headers, component);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../../src/lib/signing/canonicalize.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../../src/lib/signing/canonicalize.ts"],"names":[],"mappings":";;AAkDA,gDAYC;AAED,gDAWC;AAED,0CAEC;AAED,wCAeC;AAWD,gDAqBC;AAYD,gEA2BC;AAED,sDASC;AAqHD,gDAaC;AApTD,qCAAiD;AAqCjD,MAAM,mBAAmB,GAAyC;IAChE,SAAS;IACT,SAAS;IACT,OAAO;IACP,OAAO;IACP,KAAK;IACL,KAAK;CACN,CAAC;AAEF,MAAM,aAAa,GAAG,IAAI,GAAG,CAAwB,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAEvF,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC,CAAC;AAEvF,SAAgB,kBAAkB,CAAC,MAAc;IAC/C,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1B,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,8BAAqB,CAC7B,oCAAoC,EACpC,CAAC,EACD,yEAAyE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,QAAQ,KAAK,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IACrE,OAAO,wBAAwB,CAAC,+BAA+B,CAAC,SAAS,CAAC,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,kBAAkB,CAAC,MAAc;IAC/C,kBAAkB,CAAC,MAAM,CAAC,CAAC;IAC3B,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;IAC1B,IAAI,CAAC,CAAC,QAAQ,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,8BAAqB,CAC7B,oCAAoC,EACpC,CAAC,EACD,wEAAwE,CACzE,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;AAC9B,CAAC;AAED,SAAgB,eAAe,CAAC,MAAc;IAC5C,OAAO,MAAM,CAAC,WAAW,EAAE,CAAC;AAC9B,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAsD,EACtD,IAAY;IAEZ,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,KAAK,SAAS;gBAAE,OAAO,SAAS,CAAC;YACtC,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrB,OAAO,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC;YACD,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,SAAgB,kBAAkB,CAChC,UAAiC,EACjC,OAAoB,EACpB,MAAuB,EACvB,oBAA6B;IAE7B,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,KAAK,GAAG,qBAAqB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACxD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,sBAAsB,SAAS,0BAA0B,CAC1D,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,YAAY,GAAG,oBAAoB,IAAI,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvF,KAAK,CAAC,IAAI,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,0BAA0B,CACxC,UAAiC,EACjC,QAAsB,EACtB,MAAuB,EACvB,oBAA6B;IAE7B,MAAM,WAAW,GAAgB;QAC/B,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,MAAM;QAC/B,GAAG,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG;QACzB,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE;KACxC,CAAC;IACF,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;QACnE,MAAM,KAAK,GAAG,6BAA6B,CAAC,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,WAAW,CAAC,CAAC;QACvF,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,sBAAsB,SAAS,2BAA2B,CAC3D,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,GAAG,yBAAyB,CAAC,SAAS,CAAC,KAAK,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,YAAY,GAAG,oBAAoB,IAAI,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IACvF,KAAK,CAAC,IAAI,CAAC,wBAAwB,YAAY,EAAE,CAAC,CAAC;IACnD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,qBAAqB,CAAC,UAAiC,EAAE,MAAuB;IAC9F,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,MAAM,GAAG,IAAI,mBAAmB,EAAE,CAAC;QACtC,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI,GAAG,KAAK,SAAS;YAAE,SAAS;QAChC,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC,CAAC;IAChF,CAAC;IACD,OAAO,IAAI,aAAa,KAAK,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,wBAAwB,CAAC,SAAiB;IACjD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC;IAC9E,MAAM,CAAC,IAAI,EAAE,GAAG,MAAM,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,KAAK,KAAK,CAAC,CAAC;IAC5D,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,sBAAsB,SAAS,yCAAyC,CACzE,CAAC;IACJ,CAAC;IACD,OAAO;QACL,IAAI,EAAE,IAAI,IAAI,SAAS;QACvB,YAAY,EAAE,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC;KACrC,CAAC;AACJ,CAAC;AAED,SAAS,yBAAyB,CAAC,SAAiB;IAClD,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACnE,OAAO,IAAI,IAAI,IAAI,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,SAAS,6BAA6B,CACpC,IAAY,EACZ,YAAqB,EACrB,QAAsB,EACtB,WAAwB;IAExB,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,uDAAuD,CACxD,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,+BAA+B,IAAI,6CAA6C,CACjF,CAAC;QACJ,CAAC;QACD,OAAO,qBAAqB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,cAAc,CAAC,YAAY,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AACrF,CAAC;AAED,SAAS,qBAAqB,CAAC,SAAiB,EAAE,OAAoB;IACpE,IAAI,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,sBAAsB,SAAS,wDAAwD,CACxF,CAAC;QACJ,CAAC;QACD,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,SAAS;gBACZ,OAAO,eAAe,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACzC,KAAK,aAAa;gBAChB,OAAO,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,KAAK,YAAY;gBACf,OAAO,kBAAkB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACzC,KAAK,SAAS;gBACZ,MAAM,IAAI,8BAAqB,CAC7B,yCAAyC,EACzC,CAAC,EACD,qFAAqF,CACtF,CAAC;QACN,CAAC;IACH,CAAC;IACD,OAAO,cAAc,CAAC,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAa;IAC7C,OAAO,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,EAAE,EAAE,GAAW,EAAE,EAAE,CAAC,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;AAC3F,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,+BAA+B,CAAC,KAAa;IACpD,OAAO,KAAK,CAAC,OAAO,CAAC,oBAAoB,EAAE,CAAC,KAAK,EAAE,GAAW,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC/B,iEAAiE;QACjE,kDAAkD;QAClD,MAAM,YAAY,GAChB,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;YAC9B,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;YAC9B,CAAC,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC;YAC9B,IAAI,KAAK,IAAI;YACb,IAAI,KAAK,IAAI;YACb,IAAI,KAAK,IAAI;YACb,IAAI,KAAK,IAAI,CAAC;QAChB,OAAO,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAC1D,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,kBAAkB,CAAC,MAAc;IAC/C,MAAM,cAAc,GAAG,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC/E,IAAI,CAAC,cAAc;QAAE,OAAO;IAC5B,MAAM,SAAS,GAAG,cAAc,CAAC,CAAC,CAAE,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,IAAI,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC;YACnC,MAAM,IAAI,8BAAqB,CAC7B,oCAAoC,EACpC,CAAC,EACD,yEAAyE,CAC1E,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -6,18 +6,18 @@
|
|
|
6
6
|
* Paired with `@adcp/sdk/signing/server` (verifier / middleware / stores).
|
|
7
7
|
* The aggregate `@adcp/sdk/signing` barrel re-exports both for back-compat.
|
|
8
8
|
*/
|
|
9
|
-
export { buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type SignatureParams, } from './canonicalize';
|
|
9
|
+
export { buildResponseSignatureBase, buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type ResponseLike, type SignatureParams, } from './canonicalize';
|
|
10
10
|
export { computeContentDigest, contentDigestMatches, parseContentDigest } from './content-digest';
|
|
11
11
|
export { requestContextFromExpress, requestContextFromFetch, requestContextFromLambda, type ExpressRequestLike, type FetchRequestLike, type LambdaRequestEvent, type RequestContextFromExpressOptions, type RequestContextFromLambdaOptions, } from './request-context';
|
|
12
|
-
export { finalizeRequestSignature, prepareRequestSignature, prepareWebhookSignature, signRequest, signWebhook, type PreparedRequestSignature, type SignatureIdentity, type SignedRequest, type SignerKey, type SignRequestOptions, type SignWebhookOptions, } from './signer';
|
|
13
|
-
export { signRequestAsync, signWebhookAsync } from './signer-async';
|
|
12
|
+
export { finalizeRequestSignature, finalizeResponseSignature, prepareRequestSignature, prepareResponseSignature, prepareWebhookSignature, signRequest, signResponse, signWebhook, type PreparedRequestSignature, type PreparedResponseSignature, type SignatureIdentity, type SignedRequest, type SignedResponse, type SignerKey, type SignRequestOptions, type SignResponseOptions, type SignWebhookOptions, } from './signer';
|
|
13
|
+
export { signRequestAsync, signResponseAsync, signWebhookAsync } from './signer-async';
|
|
14
14
|
export { derEcdsaToP1363 } from './ecdsa-encoding';
|
|
15
15
|
export { WEBHOOK_MANDATORY_COMPONENTS, WEBHOOK_SIGNING_TAG } from './webhook-verifier';
|
|
16
16
|
export { createSigningFetch, type CoverContentDigestPredicate, type SigningFetchOptions } from './fetch';
|
|
17
17
|
export { createSigningFetchAsync } from './fetch-async';
|
|
18
18
|
export type { SigningProvider } from './provider';
|
|
19
|
-
export { RequestSignatureError, type RequestSignatureErrorCode, SigningProviderAlgorithmMismatchError, type SigningProviderErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
20
|
-
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, type AdcpJsonWebKey, type AdcpSignAlg, type ContentDigestPolicy, type VerifierCapability, } from './types';
|
|
19
|
+
export { RequestSignatureError, type RequestSignatureErrorCode, ResponseSignatureError, type ResponseSignatureErrorCode, SigningProviderAlgorithmMismatchError, type SigningProviderErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
20
|
+
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, RESPONSE_MANDATORY_COMPONENTS, RESPONSE_SIGNING_TAG, type AdcpJsonWebKey, type AdcpSignAlg, type ContentDigestPolicy, type VerifierCapability, } from './types';
|
|
21
21
|
export { CapabilityCache, buildCapabilityCacheKey, defaultCapabilityCache, type CachedCapability, type CapabilityCacheOptions, } from './capability-cache';
|
|
22
22
|
export { buildAgentSigningFetch, createAgentSignedFetch, extractAdcpOperation, isInlineSigningConfig, isProviderSigningConfig, resolveCoverContentDigest, shouldSignOperation, toSignerKey, type BuildAgentSigningFetchOptions, type CreateAgentSignedFetchOptions, } from './agent-fetch';
|
|
23
23
|
export { buildAgentSigningContext, signingContextStorage, type AgentSigningContext, type AgentSigningIdentitySnapshot, } from './agent-context';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,WAAW,EACX,WAAW,EACX,KAAK,wBAAwB,EAC7B,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,kBAAkB,EACvB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,wBAAwB,EACxB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACX,YAAY,EACZ,WAAW,EACX,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,iBAAiB,EACtB,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,SAAS,EACd,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvF,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,4BAA4B,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACvF,OAAO,EAAE,kBAAkB,EAAE,KAAK,2BAA2B,EAAE,KAAK,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACzG,OAAO,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAC;AACxD,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,sBAAsB,EACtB,KAAK,0BAA0B,EAC/B,qCAAqC,EACrC,KAAK,wBAAwB,EAC7B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,GACxB,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,eAAe,EACf,uBAAuB,EACvB,sBAAsB,EACtB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,GAC5B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,EACpB,qBAAqB,EACrB,uBAAuB,EACvB,yBAAyB,EACzB,mBAAmB,EACnB,WAAW,EACX,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,GACnC,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,KAAK,mBAAmB,EACxB,KAAK,4BAA4B,GAClC,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,sBAAsB,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,KAAK,OAAO,EAAE,KAAK,mBAAmB,EAAE,MAAM,gBAAgB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.shouldSignOperation = exports.resolveCoverContentDigest = exports.isProviderSigningConfig = exports.isInlineSigningConfig = exports.extractAdcpOperation = exports.createAgentSignedFetch = exports.buildAgentSigningFetch = exports.defaultCapabilityCache = exports.buildCapabilityCacheKey = exports.CapabilityCache = exports.RESPONSE_SIGNING_TAG = exports.RESPONSE_MANDATORY_COMPONENTS = exports.REQUEST_SIGNING_TAG = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.ALLOWED_ALGS = exports.WebhookSignatureError = exports.SigningProviderAlgorithmMismatchError = exports.ResponseSignatureError = exports.RequestSignatureError = exports.createSigningFetchAsync = exports.createSigningFetch = exports.WEBHOOK_SIGNING_TAG = exports.WEBHOOK_MANDATORY_COMPONENTS = exports.derEcdsaToP1363 = exports.signWebhookAsync = exports.signResponseAsync = exports.signRequestAsync = exports.signWebhook = exports.signResponse = exports.signRequest = exports.prepareWebhookSignature = exports.prepareResponseSignature = exports.prepareRequestSignature = exports.finalizeResponseSignature = exports.finalizeRequestSignature = exports.requestContextFromLambda = exports.requestContextFromFetch = exports.requestContextFromExpress = exports.parseContentDigest = exports.contentDigestMatches = exports.computeContentDigest = exports.getHeaderValue = exports.formatSignatureParams = exports.canonicalTargetUri = exports.canonicalMethod = exports.canonicalAuthority = exports.buildSignatureBase = exports.buildResponseSignatureBase = void 0;
|
|
4
|
+
exports.pemToAdcpJwk = exports.CAPABILITY_OP = exports.ensureCapabilityLoaded = exports.signingContextStorage = exports.buildAgentSigningContext = exports.toSignerKey = void 0;
|
|
4
5
|
/**
|
|
5
6
|
* Client-side signing surface: what a buyer needs to sign outbound AdCP
|
|
6
7
|
* requests per RFC 9421 — signer, canonicalization helpers, fetch wrapper,
|
|
@@ -10,6 +11,7 @@ exports.pemToAdcpJwk = exports.CAPABILITY_OP = exports.ensureCapabilityLoaded =
|
|
|
10
11
|
* The aggregate `@adcp/sdk/signing` barrel re-exports both for back-compat.
|
|
11
12
|
*/
|
|
12
13
|
var canonicalize_1 = require("./canonicalize");
|
|
14
|
+
Object.defineProperty(exports, "buildResponseSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildResponseSignatureBase; } });
|
|
13
15
|
Object.defineProperty(exports, "buildSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildSignatureBase; } });
|
|
14
16
|
Object.defineProperty(exports, "canonicalAuthority", { enumerable: true, get: function () { return canonicalize_1.canonicalAuthority; } });
|
|
15
17
|
Object.defineProperty(exports, "canonicalMethod", { enumerable: true, get: function () { return canonicalize_1.canonicalMethod; } });
|
|
@@ -26,12 +28,16 @@ Object.defineProperty(exports, "requestContextFromFetch", { enumerable: true, ge
|
|
|
26
28
|
Object.defineProperty(exports, "requestContextFromLambda", { enumerable: true, get: function () { return request_context_1.requestContextFromLambda; } });
|
|
27
29
|
var signer_1 = require("./signer");
|
|
28
30
|
Object.defineProperty(exports, "finalizeRequestSignature", { enumerable: true, get: function () { return signer_1.finalizeRequestSignature; } });
|
|
31
|
+
Object.defineProperty(exports, "finalizeResponseSignature", { enumerable: true, get: function () { return signer_1.finalizeResponseSignature; } });
|
|
29
32
|
Object.defineProperty(exports, "prepareRequestSignature", { enumerable: true, get: function () { return signer_1.prepareRequestSignature; } });
|
|
33
|
+
Object.defineProperty(exports, "prepareResponseSignature", { enumerable: true, get: function () { return signer_1.prepareResponseSignature; } });
|
|
30
34
|
Object.defineProperty(exports, "prepareWebhookSignature", { enumerable: true, get: function () { return signer_1.prepareWebhookSignature; } });
|
|
31
35
|
Object.defineProperty(exports, "signRequest", { enumerable: true, get: function () { return signer_1.signRequest; } });
|
|
36
|
+
Object.defineProperty(exports, "signResponse", { enumerable: true, get: function () { return signer_1.signResponse; } });
|
|
32
37
|
Object.defineProperty(exports, "signWebhook", { enumerable: true, get: function () { return signer_1.signWebhook; } });
|
|
33
38
|
var signer_async_1 = require("./signer-async");
|
|
34
39
|
Object.defineProperty(exports, "signRequestAsync", { enumerable: true, get: function () { return signer_async_1.signRequestAsync; } });
|
|
40
|
+
Object.defineProperty(exports, "signResponseAsync", { enumerable: true, get: function () { return signer_async_1.signResponseAsync; } });
|
|
35
41
|
Object.defineProperty(exports, "signWebhookAsync", { enumerable: true, get: function () { return signer_async_1.signWebhookAsync; } });
|
|
36
42
|
var ecdsa_encoding_1 = require("./ecdsa-encoding");
|
|
37
43
|
Object.defineProperty(exports, "derEcdsaToP1363", { enumerable: true, get: function () { return ecdsa_encoding_1.derEcdsaToP1363; } });
|
|
@@ -44,6 +50,7 @@ var fetch_async_1 = require("./fetch-async");
|
|
|
44
50
|
Object.defineProperty(exports, "createSigningFetchAsync", { enumerable: true, get: function () { return fetch_async_1.createSigningFetchAsync; } });
|
|
45
51
|
var errors_1 = require("./errors");
|
|
46
52
|
Object.defineProperty(exports, "RequestSignatureError", { enumerable: true, get: function () { return errors_1.RequestSignatureError; } });
|
|
53
|
+
Object.defineProperty(exports, "ResponseSignatureError", { enumerable: true, get: function () { return errors_1.ResponseSignatureError; } });
|
|
47
54
|
Object.defineProperty(exports, "SigningProviderAlgorithmMismatchError", { enumerable: true, get: function () { return errors_1.SigningProviderAlgorithmMismatchError; } });
|
|
48
55
|
Object.defineProperty(exports, "WebhookSignatureError", { enumerable: true, get: function () { return errors_1.WebhookSignatureError; } });
|
|
49
56
|
var types_1 = require("./types");
|
|
@@ -52,6 +59,8 @@ Object.defineProperty(exports, "CLOCK_SKEW_TOLERANCE_SECONDS", { enumerable: tru
|
|
|
52
59
|
Object.defineProperty(exports, "MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.MANDATORY_COMPONENTS; } });
|
|
53
60
|
Object.defineProperty(exports, "MAX_SIGNATURE_WINDOW_SECONDS", { enumerable: true, get: function () { return types_1.MAX_SIGNATURE_WINDOW_SECONDS; } });
|
|
54
61
|
Object.defineProperty(exports, "REQUEST_SIGNING_TAG", { enumerable: true, get: function () { return types_1.REQUEST_SIGNING_TAG; } });
|
|
62
|
+
Object.defineProperty(exports, "RESPONSE_MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.RESPONSE_MANDATORY_COMPONENTS; } });
|
|
63
|
+
Object.defineProperty(exports, "RESPONSE_SIGNING_TAG", { enumerable: true, get: function () { return types_1.RESPONSE_SIGNING_TAG; } });
|
|
55
64
|
var capability_cache_1 = require("./capability-cache");
|
|
56
65
|
Object.defineProperty(exports, "CapabilityCache", { enumerable: true, get: function () { return capability_cache_1.CapabilityCache; } });
|
|
57
66
|
Object.defineProperty(exports, "buildCapabilityCacheKey", { enumerable: true, get: function () { return capability_cache_1.buildCapabilityCacheKey; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../src/lib/signing/client.ts"],"names":[],"mappings":";;;;AAAA;;;;;;;GAOG;AACH,+CAWwB;AAVtB,0HAAA,0BAA0B,OAAA;AAC1B,kHAAA,kBAAkB,OAAA;AAClB,kHAAA,kBAAkB,OAAA;AAClB,+GAAA,eAAe,OAAA;AACf,kHAAA,kBAAkB,OAAA;AAClB,qHAAA,qBAAqB,OAAA;AACrB,8GAAA,cAAc,OAAA;AAKhB,mDAAkG;AAAzF,sHAAA,oBAAoB,OAAA;AAAE,sHAAA,oBAAoB,OAAA;AAAE,oHAAA,kBAAkB,OAAA;AACvE,qDAS2B;AARzB,4HAAA,yBAAyB,OAAA;AACzB,0HAAA,uBAAuB,OAAA;AACvB,2HAAA,wBAAwB,OAAA;AAO1B,mCAkBkB;AAjBhB,kHAAA,wBAAwB,OAAA;AACxB,mHAAA,yBAAyB,OAAA;AACzB,iHAAA,uBAAuB,OAAA;AACvB,kHAAA,wBAAwB,OAAA;AACxB,iHAAA,uBAAuB,OAAA;AACvB,qGAAA,WAAW,OAAA;AACX,sGAAA,YAAY,OAAA;AACZ,qGAAA,WAAW,OAAA;AAWb,+CAAuF;AAA9E,gHAAA,gBAAgB,OAAA;AAAE,iHAAA,iBAAiB,OAAA;AAAE,gHAAA,gBAAgB,OAAA;AAC9D,mDAAmD;AAA1C,iHAAA,eAAe,OAAA;AACxB,uDAAuF;AAA9E,gIAAA,4BAA4B,OAAA;AAAE,uHAAA,mBAAmB,OAAA;AAC1D,iCAAyG;AAAhG,2GAAA,kBAAkB,OAAA;AAC3B,6CAAwD;AAA/C,sHAAA,uBAAuB,OAAA;AAEhC,mCASkB;AARhB,+GAAA,qBAAqB,OAAA;AAErB,gHAAA,sBAAsB,OAAA;AAEtB,+HAAA,qCAAqC,OAAA;AAErC,+GAAA,qBAAqB,OAAA;AAGvB,iCAYiB;AAXf,qGAAA,YAAY,OAAA;AACZ,qHAAA,4BAA4B,OAAA;AAC5B,6GAAA,oBAAoB,OAAA;AACpB,qHAAA,4BAA4B,OAAA;AAC5B,4GAAA,mBAAmB,OAAA;AACnB,sHAAA,6BAA6B,OAAA;AAC7B,6GAAA,oBAAoB,OAAA;AAMtB,uDAM4B;AAL1B,mHAAA,eAAe,OAAA;AACf,2HAAA,uBAAuB,OAAA;AACvB,0HAAA,sBAAsB,OAAA;AAIxB,6CAWuB;AAVrB,qHAAA,sBAAsB,OAAA;AACtB,qHAAA,sBAAsB,OAAA;AACtB,mHAAA,oBAAoB,OAAA;AACpB,oHAAA,qBAAqB,OAAA;AACrB,sHAAA,uBAAuB,OAAA;AACvB,wHAAA,yBAAyB,OAAA;AACzB,kHAAA,mBAAmB,OAAA;AACnB,0GAAA,WAAW,OAAA;AAIb,iDAKyB;AAJvB,yHAAA,wBAAwB,OAAA;AACxB,sHAAA,qBAAqB,OAAA;AAIvB,2DAA6E;AAApE,4HAAA,sBAAsB,OAAA;AAAE,mHAAA,aAAa,OAAA;AAC9C,+CAAsF;AAA7E,4GAAA,YAAY,OAAA"}
|
|
@@ -23,6 +23,12 @@ export declare class WebhookSignatureError extends ADCPError {
|
|
|
23
23
|
readonly failedStep: number;
|
|
24
24
|
constructor(code: WebhookSignatureErrorCode, failedStep: number, message: string, details?: unknown);
|
|
25
25
|
}
|
|
26
|
+
export type ResponseSignatureErrorCode = 'response_signature_key_purpose_invalid';
|
|
27
|
+
export declare class ResponseSignatureError extends ADCPError {
|
|
28
|
+
readonly code: ResponseSignatureErrorCode;
|
|
29
|
+
readonly failedStep: number;
|
|
30
|
+
constructor(code: ResponseSignatureErrorCode, failedStep: number, message: string, details?: unknown);
|
|
31
|
+
}
|
|
26
32
|
/**
|
|
27
33
|
* SDK-side error codes for the `SigningProvider` integration path. Distinct
|
|
28
34
|
* namespace from `RequestSignatureErrorCode` / `WebhookSignatureErrorCode`
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GACjC,4BAA4B,GAC5B,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GACzC,yCAAyC,GACzC,+BAA+B,GAC/B,uCAAuC,GACvC,+BAA+B,GAC/B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,GAC5B,8BAA8B,GAC9B,oCAAoC,CAAC;AAEzC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GACjC,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GAKzC,8BAA8B,GAC9B,+BAA+B,GAI/B,uCAAuC,GAKvC,uBAAuB,GACvB,+BAA+B,GAC/B,oCAAoC,GACpC,8BAA8B,GAC9B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,CAAC;AAEjC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,qCAAqC,CAAC;AAE7E;;;;;;;;GAQG;AACH,qBAAa,qCAAsC,SAAQ,SAAS;IAClE,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAyC;IAChF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;gBAEjB,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;CASlE"}
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,MAAM,yBAAyB,GACjC,4BAA4B,GAC5B,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GACzC,yCAAyC,GACzC,+BAA+B,GAC/B,uCAAuC,GACvC,+BAA+B,GAC/B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,GAC5B,8BAA8B,GAC9B,oCAAoC,CAAC;AAEzC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED;;;;GAIG;AACH;;;;;;GAMG;AACH,MAAM,MAAM,yBAAyB,GACjC,oCAAoC,GACpC,qCAAqC,GACrC,+BAA+B,GAC/B,mCAAmC,GACnC,kCAAkC,GAClC,yCAAyC,GAKzC,8BAA8B,GAC9B,+BAA+B,GAI/B,uCAAuC,GAKvC,uBAAuB,GACvB,+BAA+B,GAC/B,oCAAoC,GACpC,8BAA8B,GAC9B,2BAA2B,GAC3B,mCAAmC,GACnC,4BAA4B,CAAC;AAEjC,qBAAa,qBAAsB,SAAQ,SAAS;IAClD,QAAQ,CAAC,IAAI,EAAE,yBAAyB,CAAC;IACzC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,yBAAyB,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKpG;AAED,MAAM,MAAM,0BAA0B,GAAG,wCAAwC,CAAC;AAElF,qBAAa,sBAAuB,SAAQ,SAAS;IACnD,QAAQ,CAAC,IAAI,EAAE,0BAA0B,CAAC;IAC1C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;gBAEhB,IAAI,EAAE,0BAA0B,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAKrG;AAED;;;;;GAKG;AACH,MAAM,MAAM,wBAAwB,GAAG,qCAAqC,CAAC;AAE7E;;;;;;;;GAQG;AACH,qBAAa,qCAAsC,SAAQ,SAAS;IAClE,QAAQ,CAAC,IAAI,EAAE,wBAAwB,CAAyC;IAChF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;gBAEjB,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;CASlE"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.SigningProviderAlgorithmMismatchError = exports.WebhookSignatureError = exports.RequestSignatureError = void 0;
|
|
3
|
+
exports.SigningProviderAlgorithmMismatchError = exports.ResponseSignatureError = exports.WebhookSignatureError = exports.RequestSignatureError = void 0;
|
|
4
4
|
const errors_1 = require("../errors");
|
|
5
5
|
class RequestSignatureError extends errors_1.ADCPError {
|
|
6
6
|
code;
|
|
@@ -22,6 +22,16 @@ class WebhookSignatureError extends errors_1.ADCPError {
|
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
exports.WebhookSignatureError = WebhookSignatureError;
|
|
25
|
+
class ResponseSignatureError extends errors_1.ADCPError {
|
|
26
|
+
code;
|
|
27
|
+
failedStep;
|
|
28
|
+
constructor(code, failedStep, message, details) {
|
|
29
|
+
super(message, details);
|
|
30
|
+
this.code = code;
|
|
31
|
+
this.failedStep = failedStep;
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
exports.ResponseSignatureError = ResponseSignatureError;
|
|
25
35
|
/**
|
|
26
36
|
* Adapter-side error thrown when a `SigningProvider`'s declared `algorithm`
|
|
27
37
|
* doesn't match the algorithm of the underlying key material.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AAoBtC,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AA2CD,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AAUD;;;;;;;;GAQG;AACH,MAAa,qCAAsC,SAAQ,kBAAS;IACzD,IAAI,GAA6B,qCAAqC,CAAC;IACvE,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,WAAW,CAAS;IAE7B,YAAY,QAAgB,EAAE,MAAc,EAAE,WAAmB;QAC/D,KAAK,CACH,uCAAuC,QAAQ,4BAA4B,MAAM,WAAW,WAAW,MAAM;YAC3G,wGAAwG,CAC3G,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAfD,sFAeC"}
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../../../src/lib/signing/errors.ts"],"names":[],"mappings":";;;AAAA,sCAAsC;AAoBtC,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AA2CD,MAAa,qBAAsB,SAAQ,kBAAS;IACzC,IAAI,CAA4B;IAChC,UAAU,CAAS;IAE5B,YAAY,IAA+B,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QACjG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,sDASC;AAID,MAAa,sBAAuB,SAAQ,kBAAS;IAC1C,IAAI,CAA6B;IACjC,UAAU,CAAS;IAE5B,YAAY,IAAgC,EAAE,UAAkB,EAAE,OAAe,EAAE,OAAiB;QAClG,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IAC/B,CAAC;CACF;AATD,wDASC;AAUD;;;;;;;;GAQG;AACH,MAAa,qCAAsC,SAAQ,kBAAS;IACzD,IAAI,GAA6B,qCAAqC,CAAC;IACvE,QAAQ,CAAS;IACjB,MAAM,CAAS;IACf,WAAW,CAAS;IAE7B,YAAY,QAAgB,EAAE,MAAc,EAAE,WAAmB;QAC/D,KAAK,CACH,uCAAuC,QAAQ,4BAA4B,MAAM,WAAW,WAAW,MAAM;YAC3G,wGAAwG,CAC3G,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;CACF;AAfD,sFAeC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { AdcpJsonWebKey, AdcpSignAlg } from './types';
|
|
2
|
-
export type AdcpUse = 'request-signing' | 'webhook-signing' | 'governance-signing';
|
|
2
|
+
export type AdcpUse = 'request-signing' | 'webhook-signing' | 'response-signing' | 'governance-signing';
|
|
3
3
|
export declare function assertAdcpUse(value: unknown, helperName: string): asserts value is AdcpUse;
|
|
4
4
|
export interface PemToAdcpJwkOptions {
|
|
5
5
|
/** `kid` to embed in the JWK — must match the value published in `Signature-Input`. */
|
|
@@ -10,6 +10,8 @@ export interface PemToAdcpJwkOptions {
|
|
|
10
10
|
* Purpose binding, enforced by AdCP verifiers at step 8.
|
|
11
11
|
* - `'request-signing'` — for JWKs published at the buyer's `jwks_uri`.
|
|
12
12
|
* - `'webhook-signing'` — for JWKs used to sign outbound webhook callbacks.
|
|
13
|
+
* - `'response-signing'` — for compatibility with agents that sign JSON
|
|
14
|
+
* transport responses directly.
|
|
13
15
|
* - `'governance-signing'` — for JWKs used to sign governance context
|
|
14
16
|
* (JWS-signed, not RFC 9421). Declared on JWKs published in a tenant's
|
|
15
17
|
* aggregated JWKS so JSON-typed consumers (e.g., third-party verifiers
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks-helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAkB3D,MAAM,MAAM,OAAO,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"jwks-helpers.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAkB3D,MAAM,MAAM,OAAO,GAAG,iBAAiB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,oBAAoB,CAAC;AASxG,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAO1F;AAED,MAAM,WAAW,mBAAmB;IAClC,uFAAuF;IACvF,GAAG,EAAE,MAAM,CAAC;IACZ,6EAA6E;IAC7E,SAAS,EAAE,WAAW,CAAC;IACvB;;;;;;;;;;;;;OAaG;IACH,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,cAAc,CA6CtF"}
|
|
@@ -18,7 +18,12 @@ const WIRE_ALG_TO_JOSE = {
|
|
|
18
18
|
ed25519: 'EdDSA',
|
|
19
19
|
'ecdsa-p256-sha256': 'ES256',
|
|
20
20
|
};
|
|
21
|
-
const ADCP_USE_VALUES = new Set([
|
|
21
|
+
const ADCP_USE_VALUES = new Set([
|
|
22
|
+
'request-signing',
|
|
23
|
+
'webhook-signing',
|
|
24
|
+
'response-signing',
|
|
25
|
+
'governance-signing',
|
|
26
|
+
]);
|
|
22
27
|
function assertAdcpUse(value, helperName) {
|
|
23
28
|
if (typeof value !== 'string' || !ADCP_USE_VALUES.has(value)) {
|
|
24
29
|
throw new TypeError(`${helperName}: unsupported adcp_use '${String(value)}'. ` +
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwks-helpers.js","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"jwks-helpers.js","sourceRoot":"","sources":["../../../src/lib/signing/jwks-helpers.ts"],"names":[],"mappings":";;AA4BA,sCAOC;AAwDD,oCA6CC;AAxID,6CAA8C;AAG9C;;;;;;;;;;GAUG;AACH,MAAM,gBAAgB,GAAgC;IACpD,OAAO,EAAE,OAAO;IAChB,mBAAmB,EAAE,OAAO;CAC7B,CAAC;AAIF,MAAM,eAAe,GAAG,IAAI,GAAG,CAAU;IACvC,iBAAiB;IACjB,iBAAiB;IACjB,kBAAkB;IAClB,oBAAoB;CACrB,CAAC,CAAC;AAEH,SAAgB,aAAa,CAAC,KAAc,EAAE,UAAkB;IAC9D,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,KAAgB,CAAC,EAAE,CAAC;QACxE,MAAM,IAAI,SAAS,CACjB,GAAG,UAAU,2BAA2B,MAAM,CAAC,KAAK,CAAC,KAAK;YACxD,cAAc,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1D,CAAC;IACJ,CAAC;AACH,CAAC;AAwBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAgB,YAAY,CAAC,GAAW,EAAE,OAA4B;IACpE,aAAa,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAEhD,wEAAwE;IACxE,uEAAuE;IACvE,sEAAsE;IACtE,uEAAuE;IACvE,iBAAiB;IACjB,IAAI,kCAAkC,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACjD,MAAM,IAAI,SAAS,CACjB,2CAA2C;YACzC,gEAAgE;YAChE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,IAAA,6BAAe,EAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CACjB,sDAAsD;YACpD,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI;YACvD,4CAA4C,CAC/C,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,SAAS,CACjB,wCAAwC,OAAO,CAAC,SAAS,KAAK;YAC5D,cAAc,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC5D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,CAA4B,CAAC;IAE7E,OAAO;QACL,GAAG,QAAQ;QACX,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,OAAO,EAAE,CAAC,QAAQ,CAAC;KACF,CAAC;AACtB,CAAC"}
|
|
@@ -29,10 +29,10 @@ function parseSignatureInput(headerValue) {
|
|
|
29
29
|
malformed('Signature-Input value must be a parenthesized component list');
|
|
30
30
|
}
|
|
31
31
|
const components = [];
|
|
32
|
-
for (const [bare] of entry[0]) {
|
|
32
|
+
for (const [bare, itemParams] of entry[0]) {
|
|
33
33
|
if (typeof bare !== 'string')
|
|
34
34
|
malformed('Signature-Input components must all be strings');
|
|
35
|
-
components.push(bare);
|
|
35
|
+
components.push(itemParams instanceof Map && itemParams.get('req') === true ? `${bare};req` : bare);
|
|
36
36
|
}
|
|
37
37
|
const params = {};
|
|
38
38
|
for (const [key, value] of entry[1]) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../../src/lib/signing/parser.ts"],"names":[],"mappings":";;AAoCA,kDA0CC;AAED,wCAsBC;AAaD,sEASC;AA5HD,2DAAqG;AACrG,qCAAiD;AA4BjD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAEvD,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,IAAI,8BAAqB,CAAC,oCAAoC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;AACpF,CAAC;AAED,SAAgB,mBAAmB,CAAC,WAAmB;IACrD,6BAA6B,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;IAC9D,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,oCAAe,EAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,CAAC,YAAY,+BAAU;YAAE,SAAS,CAAC,wCAAwC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5F,MAAM,CAAC,CAAC;IACV,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC;QAAE,SAAS,CAAC,iCAAiC,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAE,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAgB,CAAC;IAC/E,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;IAC/B,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,8DAA8D,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"parser.js","sourceRoot":"","sources":["../../../src/lib/signing/parser.ts"],"names":[],"mappings":";;AAoCA,kDA0CC;AAED,wCAsBC;AAaD,sEASC;AA5HD,2DAAqG;AACrG,qCAAiD;AA4BjD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;AAEvD,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,IAAI,8BAAqB,CAAC,oCAAoC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;AACpF,CAAC;AAED,SAAgB,mBAAmB,CAAC,WAAmB;IACrD,6BAA6B,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;IAC9D,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,IAAI,GAAG,IAAA,oCAAe,EAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,CAAC,YAAY,+BAAU;YAAE,SAAS,CAAC,wCAAwC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC5F,MAAM,CAAC,CAAC;IACV,CAAC;IACD,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC;QAAE,SAAS,CAAC,iCAAiC,CAAC,CAAC;IAClE,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAE,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAgB,CAAC;IAC/E,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,KAAK,CAAE,CAAC;IAC/B,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;QACxB,SAAS,CAAC,8DAA8D,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QAC1C,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,SAAS,CAAC,gDAAgD,CAAC,CAAC;QAC1F,UAAU,CAAC,IAAI,CAAC,UAAU,YAAY,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IACtG,CAAC;IACD,MAAM,MAAM,GAAoC,EAAE,CAAC;IACnD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;QACpC,IAAI,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3B,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,SAAS,CAAC,wBAAwB,GAAG,2BAA2B,CAAC,CAAC;YACpE,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;aAAM,IAAI,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1D,SAAS,CAAC,wBAAwB,GAAG,sBAAsB,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;aAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAClE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;QACtB,CAAC;IACH,CAAC;IACD,OAAO;QACL,KAAK;QACL,UAAU;QACV,oBAAoB,EAAE,IAAA,uCAAkB,EAAC,KAAK,CAAC;QAC/C,MAAM,EAAE,MAAwC;KACjD,CAAC;AACJ,CAAC;AAED,SAAgB,cAAc,CAAC,WAAmB,EAAE,aAAqB;IACvE,IAAI,IAAI,CAAC;IACT,IAAI,CAAC;QACH,sEAAsE;QACtE,yEAAyE;QACzE,gEAAgE;QAChE,IAAI,GAAG,IAAA,oCAAe,EAAC,2BAA2B,CAAC,WAAW,CAAC,CAAC,CAAC;IACnE,CAAC;IAAC,OAAO,CAAU,EAAE,CAAC;QACpB,IAAI,CAAC,YAAY,+BAAU,EAAE,CAAC;YAC5B,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC;gBAAE,SAAS,CAAC,gDAAgD,CAAC,CAAC;YAC3F,SAAS,CAAC,kCAAkC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,MAAM,CAAC,CAAC;IACV,CAAC;IACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,CAAC,4CAA4C,aAAa,GAAG,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY,WAAW,CAAC,EAAE,CAAC;QACvC,SAAS,CAAC,wBAAwB,aAAa,2BAA2B,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAE,KAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;AACxE,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,6BAA6B,CAAC,WAAmB,EAAE,UAAkB;IACnF,MAAM,IAAI,GAAG,uBAAuB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAClB,SAAS,CAAC,GAAG,UAAU,yBAAyB,GAAG,kBAAkB,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChB,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAAC,KAAa;IAC5C,MAAM,IAAI,GAAa,EAAE,CAAC;IAC1B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,MAAM,GAAG,GAAG,KAAK,CAAC,MAAM,CAAC;IACzB,IAAI,YAAY,GAAG,IAAI,CAAC;IACxB,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACf,IAAI,YAAY,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC;gBAAE,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAG,CAAC,CAAC;YACnB,OAAO,CAAC,GAAG,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;gBAAE,CAAC,EAAE,CAAC;YACxD,IAAI,CAAC,GAAG,QAAQ;gBAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACpE,YAAY,GAAG,KAAK,CAAC;YACrB,SAAS;QACX,CAAC;QACD,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACrB,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;gBACf,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;oBACrC,CAAC,IAAI,CAAC,CAAC;oBACP,SAAS;gBACX,CAAC;gBACD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBACrB,CAAC,EAAE,CAAC;oBACJ,MAAM;gBACR,CAAC;gBACD,CAAC,EAAE,CAAC;YACN,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG;gBAAE,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC,GAAG,GAAG;gBAAE,CAAC,EAAE,CAAC;YACjB,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,CAAC,EAAE,CAAC;YACJ,IAAI,KAAK,GAAG,CAAC,CAAC;YACd,OAAO,CAAC,GAAG,GAAG,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;gBACpB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;oBACd,CAAC,EAAE,CAAC;oBACJ,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;wBACf,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,CAAC;4BACrC,CAAC,IAAI,CAAC,CAAC;4BACP,SAAS;wBACX,CAAC;wBACD,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;4BACrB,CAAC,EAAE,CAAC;4BACJ,MAAM;wBACR,CAAC;wBACD,CAAC,EAAE,CAAC;oBACN,CAAC;oBACD,SAAS;gBACX,CAAC;gBACD,IAAI,CAAC,KAAK,GAAG;oBAAE,KAAK,EAAE,CAAC;qBAClB,IAAI,CAAC,KAAK,GAAG;oBAAE,KAAK,EAAE,CAAC;gBAC5B,CAAC,EAAE,CAAC;YACN,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;YACf,YAAY,GAAG,IAAI,CAAC;YACpB,CAAC,EAAE,CAAC;YACJ,SAAS;QACX,CAAC;QACD,CAAC,EAAE,CAAC;IACN,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,2BAA2B,CAAC,KAAa;IAChD,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,IAAI,mBAAmB,GAAG,KAAK,CAAC;IAChC,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACrB,IAAI,QAAQ,EAAE,CAAC;YACb,GAAG,IAAI,EAAE,CAAC;YACV,IAAI,EAAE,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;gBACxC,GAAG,IAAI,KAAK,CAAC,EAAE,CAAC,CAAE,CAAC;gBACnB,SAAS;YACX,CAAC;YACD,IAAI,EAAE,KAAK,GAAG;gBAAE,QAAQ,GAAG,KAAK,CAAC;YACjC,SAAS;QACX,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACf,OAAO,GAAG,KAAK,CAAC;gBAChB,GAAG,IAAI,EAAE,CAAC;gBACV,IAAI,mBAAmB,IAAI,kBAAkB,EAAE,CAAC;oBAC9C,SAAS,CAAC,+DAA+D,CAAC,CAAC;gBAC7E,CAAC;gBACD,mBAAmB,GAAG,KAAK,CAAC;gBAC5B,kBAAkB,GAAG,KAAK,CAAC;YAC7B,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,GAAG,IAAI,GAAG,CAAC;YACb,CAAC;iBAAM,IAAI,EAAE,KAAK,GAAG,EAAE,CAAC;gBACtB,kBAAkB,GAAG,IAAI,CAAC;gBAC1B,GAAG,IAAI,GAAG,CAAC;YACb,CAAC;iBAAM,CAAC;gBACN,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,GAAG;oBAAE,mBAAmB,GAAG,IAAI,CAAC;gBACvE,GAAG,IAAI,EAAE,CAAC;YACZ,CAAC;YACD,SAAS;QACX,CAAC;QACD,IAAI,EAAE,KAAK,GAAG;YAAE,QAAQ,GAAG,IAAI,CAAC;aAC3B,IAAI,EAAE,KAAK,GAAG;YAAE,OAAO,GAAG,IAAI,CAAC;QACpC,GAAG,IAAI,EAAE,CAAC;IACZ,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -54,19 +54,22 @@ export interface SigningProvider {
|
|
|
54
54
|
/**
|
|
55
55
|
* Purpose binding for the underlying key, parallel to the sync-path
|
|
56
56
|
* `SignerKey.privateKey.adcp_use` gate. When set, the async helpers
|
|
57
|
-
* (`signRequestAsync`, `signWebhookAsync`) refuse keys
|
|
58
|
-
* doesn't match the helper, with the same error codes the
|
|
59
|
-
* at step 8.
|
|
57
|
+
* (`signRequestAsync`, `signWebhookAsync`, `signResponseAsync`) refuse keys
|
|
58
|
+
* whose `adcpUse` doesn't match the helper, with the same error codes the
|
|
59
|
+
* verifier raises at step 8.
|
|
60
60
|
*
|
|
61
|
-
* **Optional and backward-compatible
|
|
62
|
-
* `adcpUse` skip the gate (no breakage,
|
|
61
|
+
* **Optional and backward-compatible for request/webhook helpers.** Existing
|
|
62
|
+
* providers that omit `adcpUse` skip the request/webhook gate (no breakage,
|
|
63
|
+
* but no defense-in-depth either). `signResponseAsync` is stricter and
|
|
64
|
+
* requires `adcpUse: 'response-signing'`, because response signing is a
|
|
65
|
+
* compatibility surface without an SDK verifier later in the pipeline.
|
|
63
66
|
* When present, it is intentionally typed as a raw string so retired or
|
|
64
67
|
* unknown purpose values still fail closed instead of being erased before
|
|
65
68
|
* the signer-side gate runs. Adapter authors who care about catching IAM
|
|
66
69
|
* misconfig at the signer rather than the verifier should set this — KMS is
|
|
67
70
|
* exactly where one IAM mistake silently grants a single key cross-purpose
|
|
68
|
-
* access, and `request-signing` / `webhook-signing`
|
|
69
|
-
* per AdCP step-8 purpose-binding.
|
|
71
|
+
* access, and `request-signing` / `webhook-signing` / `response-signing`
|
|
72
|
+
* keys MUST stay distinct per AdCP step-8 purpose-binding.
|
|
70
73
|
*/
|
|
71
74
|
readonly adcpUse?: string;
|
|
72
75
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;IAEhC
|
|
1
|
+
{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/provider.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAE/C;;;OAGG;IACH,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAEvB;;OAEG;IACH,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;IAEhC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAE1B;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACH,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B"}
|
|
@@ -8,11 +8,11 @@
|
|
|
8
8
|
* capability cache). The aggregate `@adcp/sdk/signing` barrel re-exports
|
|
9
9
|
* both for back-compat.
|
|
10
10
|
*/
|
|
11
|
-
export { buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type SignatureParams, } from './canonicalize';
|
|
11
|
+
export { buildResponseSignatureBase, buildSignatureBase, canonicalAuthority, canonicalMethod, canonicalTargetUri, formatSignatureParams, getHeaderValue, type RequestLike, type ResponseLike, type SignatureParams, } from './canonicalize';
|
|
12
12
|
export { computeContentDigest, contentDigestMatches, parseContentDigest } from './content-digest';
|
|
13
13
|
export { requestContextFromExpress, requestContextFromFetch, requestContextFromLambda, type ExpressRequestLike, type FetchRequestLike, type LambdaRequestEvent, type RequestContextFromExpressOptions, type RequestContextFromLambdaOptions, } from './request-context';
|
|
14
14
|
export { jwkToPublicKey, verifySignature } from './crypto';
|
|
15
|
-
export { RequestSignatureError, type RequestSignatureErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
15
|
+
export { RequestSignatureError, type RequestSignatureErrorCode, ResponseSignatureError, type ResponseSignatureErrorCode, WebhookSignatureError, type WebhookSignatureErrorCode, } from './errors';
|
|
16
16
|
export { StaticJwksResolver, type JwksResolver } from './jwks';
|
|
17
17
|
export { HttpsJwksResolver, type HttpsJwksResolverOptions } from './jwks-https';
|
|
18
18
|
export { BrandJsonJwksResolver, BrandJsonResolverError, type BrandAgentType, type BrandJsonJwksResolverOptions, type BrandJsonResolverErrorCode, } from './brand-jwks';
|
|
@@ -22,9 +22,11 @@ export { PostgresReplayStore, REPLAY_CACHE_MIGRATION, getReplayStoreMigration, s
|
|
|
22
22
|
export { RedisReplayStore, type RedisReplayStoreOptions, type ReplayRedisBackendClient, type ReplayRedisLikeClient, } from './redis-replay-store';
|
|
23
23
|
export { InMemoryRevocationStore, type RevocationStore } from './revocation';
|
|
24
24
|
export { HttpsRevocationStore, type HttpsRevocationStoreOptions } from './revocation-https';
|
|
25
|
-
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, type AdcpJsonWebKey, type ContentDigestPolicy, type RevocationSnapshot, type VerifiedSigner, type VerifierCapability, type VerifyResult, } from './types';
|
|
25
|
+
export { ALLOWED_ALGS, CLOCK_SKEW_TOLERANCE_SECONDS, MANDATORY_COMPONENTS, MAX_SIGNATURE_WINDOW_SECONDS, REQUEST_SIGNING_TAG, RESPONSE_MANDATORY_COMPONENTS, RESPONSE_SIGNING_TAG, type AdcpJsonWebKey, type ContentDigestPolicy, type RevocationSnapshot, type VerifiedSigner, type VerifierCapability, type VerifyResult, } from './types';
|
|
26
26
|
export { verifyRequestSignature, type VerifyRequestOptions } from './verifier';
|
|
27
27
|
export { createWebhookVerifier, verifyWebhookSignature, WEBHOOK_MANDATORY_COMPONENTS, WEBHOOK_SIGNING_TAG, type CreateWebhookVerifierOptions, type VerifyWebhookOptions, type VerifyWebhookResult, } from './webhook-verifier';
|
|
28
28
|
export { createExpressVerifier, type ExpressLike, type ExpressMiddlewareOptions } from './middleware';
|
|
29
|
+
export { finalizeResponseSignature, prepareResponseSignature, signResponse, type PreparedResponseSignature, type SignedResponse, type SignResponseOptions, } from './signer';
|
|
30
|
+
export { signResponseAsync } from './signer-async';
|
|
29
31
|
export { resolveAgent, getAgentJwks, createAgentJwksSet, AgentResolverError, attackerInfluencedFields, ATTACKER_INFLUENCED, readBrandJsonUrl, readIdentityPosture, type AgentResolution, type AgentProtocol, type AgentResolverErrorCode, type AgentResolverErrorDetail, type AgentEntry, type AgentJwksResult, type CapabilitiesWithBrandJsonUrl, type CreateAgentJwksSetOptions, type FetchCapabilitiesFn, type GetAgentJwksOptions, type IdentityKeyOriginPurpose, type IdentityKeyOrigins, type IdentityPosture, type ResolveAgentOptions, type TraceStep, } from './agent-resolver';
|
|
30
32
|
//# sourceMappingURL=server.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChH,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,GAChC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,uBAAuB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,KAAK,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,KAAK,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,KAAK,WAAW,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACtG,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,kBAAkB,CAAC"}
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EACL,0BAA0B,EAC1B,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,kBAAkB,EAClB,qBAAqB,EACrB,cAAc,EACd,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAClG,OAAO,EACL,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,KAAK,kBAAkB,EACvB,KAAK,gBAAgB,EACrB,KAAK,kBAAkB,EACvB,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,GACrC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3D,OAAO,EACL,qBAAqB,EACrB,KAAK,yBAAyB,EAC9B,sBAAsB,EACtB,KAAK,0BAA0B,EAC/B,qBAAqB,EACrB,KAAK,yBAAyB,GAC/B,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,kBAAkB,EAAE,KAAK,YAAY,EAAE,MAAM,QAAQ,CAAC;AAC/D,OAAO,EAAE,iBAAiB,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAChF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,0BAA0B,GAChC,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,KAAK,eAAe,EAAE,KAAK,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAChH,OAAO,EACL,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,kBAAkB,EACvB,KAAK,WAAW,GACjB,MAAM,UAAU,CAAC;AAClB,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,mBAAmB,EACnB,KAAK,0BAA0B,EAC/B,KAAK,0BAA0B,GAChC,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,gBAAgB,EAChB,KAAK,uBAAuB,EAC5B,KAAK,wBAAwB,EAC7B,KAAK,qBAAqB,GAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,uBAAuB,EAAE,KAAK,eAAe,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,KAAK,2BAA2B,EAAE,MAAM,oBAAoB,CAAC;AAC5F,OAAO,EACL,YAAY,EACZ,4BAA4B,EAC5B,oBAAoB,EACpB,4BAA4B,EAC5B,mBAAmB,EACnB,6BAA6B,EAC7B,oBAAoB,EACpB,KAAK,cAAc,EACnB,KAAK,mBAAmB,EACxB,KAAK,kBAAkB,EACvB,KAAK,cAAc,EACnB,KAAK,kBAAkB,EACvB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,KAAK,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/E,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,4BAA4B,EAC5B,mBAAmB,EACnB,KAAK,4BAA4B,EACjC,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,qBAAqB,EAAE,KAAK,WAAW,EAAE,KAAK,wBAAwB,EAAE,MAAM,cAAc,CAAC;AACtG,OAAO,EACL,yBAAyB,EACzB,wBAAwB,EACxB,YAAY,EACZ,KAAK,yBAAyB,EAC9B,KAAK,cAAc,EACnB,KAAK,mBAAmB,GACzB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,wBAAwB,EACxB,mBAAmB,EACnB,gBAAgB,EAChB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,wBAAwB,EAC7B,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,4BAA4B,EACjC,KAAK,yBAAyB,EAC9B,KAAK,mBAAmB,EACxB,KAAK,mBAAmB,EACxB,KAAK,wBAAwB,EAC7B,KAAK,kBAAkB,EACvB,KAAK,eAAe,EACpB,KAAK,mBAAmB,EACxB,KAAK,SAAS,GACf,MAAM,kBAAkB,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
3
|
+
exports.resolveAgent = exports.signResponseAsync = exports.signResponse = exports.prepareResponseSignature = exports.finalizeResponseSignature = exports.createExpressVerifier = exports.WEBHOOK_SIGNING_TAG = exports.WEBHOOK_MANDATORY_COMPONENTS = exports.verifyWebhookSignature = exports.createWebhookVerifier = exports.verifyRequestSignature = exports.RESPONSE_SIGNING_TAG = exports.RESPONSE_MANDATORY_COMPONENTS = exports.REQUEST_SIGNING_TAG = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.ALLOWED_ALGS = exports.HttpsRevocationStore = exports.InMemoryRevocationStore = exports.RedisReplayStore = exports.sweepExpiredReplays = exports.getReplayStoreMigration = exports.REPLAY_CACHE_MIGRATION = exports.PostgresReplayStore = exports.InMemoryReplayStore = exports.parseSignatureInput = exports.parseSignature = exports.BrandJsonResolverError = exports.BrandJsonJwksResolver = exports.HttpsJwksResolver = exports.StaticJwksResolver = exports.WebhookSignatureError = exports.ResponseSignatureError = exports.RequestSignatureError = exports.verifySignature = exports.jwkToPublicKey = exports.requestContextFromLambda = exports.requestContextFromFetch = exports.requestContextFromExpress = exports.parseContentDigest = exports.contentDigestMatches = exports.computeContentDigest = exports.getHeaderValue = exports.formatSignatureParams = exports.canonicalTargetUri = exports.canonicalMethod = exports.canonicalAuthority = exports.buildSignatureBase = exports.buildResponseSignatureBase = void 0;
|
|
4
|
+
exports.readIdentityPosture = exports.readBrandJsonUrl = exports.ATTACKER_INFLUENCED = exports.attackerInfluencedFields = exports.AgentResolverError = exports.createAgentJwksSet = exports.getAgentJwks = void 0;
|
|
4
5
|
/**
|
|
5
6
|
* Server-side signing surface: what a seller running an AdCP agent needs to
|
|
6
7
|
* verify inbound RFC 9421 signatures — verifier pipeline, Express-shaped
|
|
@@ -12,6 +13,7 @@ exports.readIdentityPosture = exports.readBrandJsonUrl = exports.ATTACKER_INFLUE
|
|
|
12
13
|
* both for back-compat.
|
|
13
14
|
*/
|
|
14
15
|
var canonicalize_1 = require("./canonicalize");
|
|
16
|
+
Object.defineProperty(exports, "buildResponseSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildResponseSignatureBase; } });
|
|
15
17
|
Object.defineProperty(exports, "buildSignatureBase", { enumerable: true, get: function () { return canonicalize_1.buildSignatureBase; } });
|
|
16
18
|
Object.defineProperty(exports, "canonicalAuthority", { enumerable: true, get: function () { return canonicalize_1.canonicalAuthority; } });
|
|
17
19
|
Object.defineProperty(exports, "canonicalMethod", { enumerable: true, get: function () { return canonicalize_1.canonicalMethod; } });
|
|
@@ -31,6 +33,7 @@ Object.defineProperty(exports, "jwkToPublicKey", { enumerable: true, get: functi
|
|
|
31
33
|
Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return crypto_1.verifySignature; } });
|
|
32
34
|
var errors_1 = require("./errors");
|
|
33
35
|
Object.defineProperty(exports, "RequestSignatureError", { enumerable: true, get: function () { return errors_1.RequestSignatureError; } });
|
|
36
|
+
Object.defineProperty(exports, "ResponseSignatureError", { enumerable: true, get: function () { return errors_1.ResponseSignatureError; } });
|
|
34
37
|
Object.defineProperty(exports, "WebhookSignatureError", { enumerable: true, get: function () { return errors_1.WebhookSignatureError; } });
|
|
35
38
|
var jwks_1 = require("./jwks");
|
|
36
39
|
Object.defineProperty(exports, "StaticJwksResolver", { enumerable: true, get: function () { return jwks_1.StaticJwksResolver; } });
|
|
@@ -61,6 +64,8 @@ Object.defineProperty(exports, "CLOCK_SKEW_TOLERANCE_SECONDS", { enumerable: tru
|
|
|
61
64
|
Object.defineProperty(exports, "MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.MANDATORY_COMPONENTS; } });
|
|
62
65
|
Object.defineProperty(exports, "MAX_SIGNATURE_WINDOW_SECONDS", { enumerable: true, get: function () { return types_1.MAX_SIGNATURE_WINDOW_SECONDS; } });
|
|
63
66
|
Object.defineProperty(exports, "REQUEST_SIGNING_TAG", { enumerable: true, get: function () { return types_1.REQUEST_SIGNING_TAG; } });
|
|
67
|
+
Object.defineProperty(exports, "RESPONSE_MANDATORY_COMPONENTS", { enumerable: true, get: function () { return types_1.RESPONSE_MANDATORY_COMPONENTS; } });
|
|
68
|
+
Object.defineProperty(exports, "RESPONSE_SIGNING_TAG", { enumerable: true, get: function () { return types_1.RESPONSE_SIGNING_TAG; } });
|
|
64
69
|
var verifier_1 = require("./verifier");
|
|
65
70
|
Object.defineProperty(exports, "verifyRequestSignature", { enumerable: true, get: function () { return verifier_1.verifyRequestSignature; } });
|
|
66
71
|
var webhook_verifier_1 = require("./webhook-verifier");
|
|
@@ -70,6 +75,12 @@ Object.defineProperty(exports, "WEBHOOK_MANDATORY_COMPONENTS", { enumerable: tru
|
|
|
70
75
|
Object.defineProperty(exports, "WEBHOOK_SIGNING_TAG", { enumerable: true, get: function () { return webhook_verifier_1.WEBHOOK_SIGNING_TAG; } });
|
|
71
76
|
var middleware_1 = require("./middleware");
|
|
72
77
|
Object.defineProperty(exports, "createExpressVerifier", { enumerable: true, get: function () { return middleware_1.createExpressVerifier; } });
|
|
78
|
+
var signer_1 = require("./signer");
|
|
79
|
+
Object.defineProperty(exports, "finalizeResponseSignature", { enumerable: true, get: function () { return signer_1.finalizeResponseSignature; } });
|
|
80
|
+
Object.defineProperty(exports, "prepareResponseSignature", { enumerable: true, get: function () { return signer_1.prepareResponseSignature; } });
|
|
81
|
+
Object.defineProperty(exports, "signResponse", { enumerable: true, get: function () { return signer_1.signResponse; } });
|
|
82
|
+
var signer_async_1 = require("./signer-async");
|
|
83
|
+
Object.defineProperty(exports, "signResponseAsync", { enumerable: true, get: function () { return signer_async_1.signResponseAsync; } });
|
|
73
84
|
var agent_resolver_1 = require("./agent-resolver");
|
|
74
85
|
Object.defineProperty(exports, "resolveAgent", { enumerable: true, get: function () { return agent_resolver_1.resolveAgent; } });
|
|
75
86
|
Object.defineProperty(exports, "getAgentJwks", { enumerable: true, get: function () { return agent_resolver_1.getAgentJwks; } });
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/lib/signing/server.ts"],"names":[],"mappings":";;;;AAAA;;;;;;;;;GASG;AACH,+CAWwB;AAVtB,0HAAA,0BAA0B,OAAA;AAC1B,kHAAA,kBAAkB,OAAA;AAClB,kHAAA,kBAAkB,OAAA;AAClB,+GAAA,eAAe,OAAA;AACf,kHAAA,kBAAkB,OAAA;AAClB,qHAAA,qBAAqB,OAAA;AACrB,8GAAA,cAAc,OAAA;AAKhB,mDAAkG;AAAzF,sHAAA,oBAAoB,OAAA;AAAE,sHAAA,oBAAoB,OAAA;AAAE,oHAAA,kBAAkB,OAAA;AACvE,qDAS2B;AARzB,4HAAA,yBAAyB,OAAA;AACzB,0HAAA,uBAAuB,OAAA;AACvB,2HAAA,wBAAwB,OAAA;AAO1B,mCAA2D;AAAlD,wGAAA,cAAc,OAAA;AAAE,yGAAA,eAAe,OAAA;AACxC,mCAOkB;AANhB,+GAAA,qBAAqB,OAAA;AAErB,gHAAA,sBAAsB,OAAA;AAEtB,+GAAA,qBAAqB,OAAA;AAGvB,+BAA+D;AAAtD,0GAAA,kBAAkB,OAAA;AAC3B,2CAAgF;AAAvE,+GAAA,iBAAiB,OAAA;AAC1B,2CAMsB;AALpB,mHAAA,qBAAqB,OAAA;AACrB,oHAAA,sBAAsB,OAAA;AAKxB,mCAAgH;AAAvG,wGAAA,cAAc,OAAA;AAAE,6GAAA,mBAAmB,OAAA;AAC5C,mCAKkB;AAJhB,6GAAA,mBAAmB,OAAA;AAKrB,iEAOiC;AAN/B,4HAAA,mBAAmB,OAAA;AACnB,+HAAA,sBAAsB,OAAA;AACtB,gIAAA,uBAAuB,OAAA;AACvB,4HAAA,mBAAmB,OAAA;AAIrB,2DAK8B;AAJ5B,sHAAA,gBAAgB,OAAA;AAKlB,2CAA6E;AAApE,qHAAA,uBAAuB,OAAA;AAChC,uDAA4F;AAAnF,wHAAA,oBAAoB,OAAA;AAC7B,iCAciB;AAbf,qGAAA,YAAY,OAAA;AACZ,qHAAA,4BAA4B,OAAA;AAC5B,6GAAA,oBAAoB,OAAA;AACpB,qHAAA,4BAA4B,OAAA;AAC5B,4GAAA,mBAAmB,OAAA;AACnB,sHAAA,6BAA6B,OAAA;AAC7B,6GAAA,oBAAoB,OAAA;AAQtB,uCAA+E;AAAtE,kHAAA,sBAAsB,OAAA;AAC/B,uDAQ4B;AAP1B,yHAAA,qBAAqB,OAAA;AACrB,0HAAA,sBAAsB,OAAA;AACtB,gIAAA,4BAA4B,OAAA;AAC5B,uHAAA,mBAAmB,OAAA;AAKrB,2CAAsG;AAA7F,mHAAA,qBAAqB,OAAA;AAC9B,mCAOkB;AANhB,mHAAA,yBAAyB,OAAA;AACzB,kHAAA,wBAAwB,OAAA;AACxB,sGAAA,YAAY,OAAA;AAKd,+CAAmD;AAA1C,iHAAA,iBAAiB,OAAA;AAC1B,mDAwB0B;AAvBxB,8GAAA,YAAY,OAAA;AACZ,8GAAA,YAAY,OAAA;AACZ,oHAAA,kBAAkB,OAAA;AAClB,oHAAA,kBAAkB,OAAA;AAClB,0HAAA,wBAAwB,OAAA;AACxB,qHAAA,mBAAmB,OAAA;AACnB,kHAAA,gBAAgB,OAAA;AAChB,qHAAA,mBAAmB,OAAA"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import type { RequestLike } from './canonicalize';
|
|
1
|
+
import type { RequestLike, ResponseLike } from './canonicalize';
|
|
2
2
|
import type { SigningProvider } from './provider';
|
|
3
|
-
import type { SignedRequest, SignRequestOptions, SignWebhookOptions } from './signer';
|
|
3
|
+
import type { SignedRequest, SignedResponse, SignRequestOptions, SignResponseOptions, SignWebhookOptions } from './signer';
|
|
4
4
|
/**
|
|
5
5
|
* Async variant of `signRequest` that delegates the actual signature
|
|
6
6
|
* production to a {@link SigningProvider}. Reuses
|
|
@@ -21,4 +21,9 @@ export declare function signRequestAsync(request: RequestLike, provider: Signing
|
|
|
21
21
|
* `Content-Digest` header stay in lockstep.
|
|
22
22
|
*/
|
|
23
23
|
export declare function signWebhookAsync(request: RequestLike, provider: SigningProvider, options?: SignWebhookOptions): Promise<SignedRequest>;
|
|
24
|
+
/**
|
|
25
|
+
* Async variant of `signResponse`. Reuses the sync canonicalization path;
|
|
26
|
+
* `provider.sign(payload)` is the only difference.
|
|
27
|
+
*/
|
|
28
|
+
export declare function signResponseAsync(response: ResponseLike, provider: SigningProvider, options?: SignResponseOptions): Promise<SignedResponse>;
|
|
24
29
|
//# sourceMappingURL=signer-async.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer-async.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"signer-async.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EACV,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,mBAAmB,EACnB,kBAAkB,EACnB,MAAM,UAAU,CAAC;AAUlB;;;;;;;;;;;GAWG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;;;;GAKG;AACH,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,kBAAuB,GAC/B,OAAO,CAAC,aAAa,CAAC,CAKxB;AAED;;;GAGG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,YAAY,EACtB,QAAQ,EAAE,eAAe,EACzB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,cAAc,CAAC,CAKzB"}
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.signRequestAsync = signRequestAsync;
|
|
4
4
|
exports.signWebhookAsync = signWebhookAsync;
|
|
5
|
+
exports.signResponseAsync = signResponseAsync;
|
|
5
6
|
const signer_1 = require("./signer");
|
|
6
7
|
/**
|
|
7
8
|
* Async variant of `signRequest` that delegates the actual signature
|
|
@@ -33,4 +34,14 @@ async function signWebhookAsync(request, provider, options = {}) {
|
|
|
33
34
|
const signature = await provider.sign(Buffer.from(prepared.base, 'utf8'));
|
|
34
35
|
return (0, signer_1.finalizeRequestSignature)(prepared, signature);
|
|
35
36
|
}
|
|
37
|
+
/**
|
|
38
|
+
* Async variant of `signResponse`. Reuses the sync canonicalization path;
|
|
39
|
+
* `provider.sign(payload)` is the only difference.
|
|
40
|
+
*/
|
|
41
|
+
async function signResponseAsync(response, provider, options = {}) {
|
|
42
|
+
(0, signer_1.assertProviderPurpose)(provider, 'response-signing', { requirePurpose: true });
|
|
43
|
+
const prepared = (0, signer_1.prepareResponseSignature)(response, { keyid: provider.keyid, alg: provider.algorithm }, options);
|
|
44
|
+
const signature = await provider.sign(Buffer.from(prepared.base, 'utf8'));
|
|
45
|
+
return (0, signer_1.finalizeResponseSignature)(prepared, signature);
|
|
46
|
+
}
|
|
36
47
|
//# sourceMappingURL=signer-async.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer-async.js","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"signer-async.js","sourceRoot":"","sources":["../../../src/lib/signing/signer-async.ts"],"names":[],"mappings":";;AA8BA,4CASC;AAQD,4CASC;AAMD,8CASC;AA9DD,qCAOkB;AAElB;;;;;;;;;;;GAWG;AACI,KAAK,UAAU,gBAAgB,CACpC,OAAoB,EACpB,QAAyB,EACzB,UAA8B,EAAE;IAEhC,IAAA,8BAAqB,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,gCAAuB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/G,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAA,iCAAwB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,gBAAgB,CACpC,OAAoB,EACpB,QAAyB,EACzB,UAA8B,EAAE;IAEhC,IAAA,8BAAqB,EAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;IACnD,MAAM,QAAQ,GAAG,IAAA,gCAAuB,EAAC,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/G,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAA,iCAAwB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAsB,EACtB,QAAyB,EACzB,UAA+B,EAAE;IAEjC,IAAA,8BAAqB,EAAC,QAAQ,EAAE,kBAAkB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9E,MAAM,QAAQ,GAAG,IAAA,iCAAwB,EAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,GAAG,EAAE,QAAQ,CAAC,SAAS,EAAE,EAAE,OAAO,CAAC,CAAC;IACjH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC1E,OAAO,IAAA,kCAAyB,EAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACxD,CAAC"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { type RequestLike, type SignatureParams } from './canonicalize';
|
|
1
|
+
import { type RequestLike, type ResponseLike, type SignatureParams } from './canonicalize';
|
|
2
2
|
import type { AdcpUse } from './jwks-helpers';
|
|
3
3
|
import { type AdcpJsonWebKey, type AdcpSignAlg } from './types';
|
|
4
4
|
export interface SignerKey {
|
|
@@ -8,6 +8,7 @@ export interface SignerKey {
|
|
|
8
8
|
* Private JWK. MUST carry `adcp_use` matching the helper being called:
|
|
9
9
|
* - `signRequest` requires `adcp_use: 'request-signing'`
|
|
10
10
|
* - `signWebhook` requires `adcp_use: 'webhook-signing'`
|
|
11
|
+
* - `signResponse` requires `adcp_use: 'response-signing'`
|
|
11
12
|
*
|
|
12
13
|
* Mismatched or missing `adcp_use` throws at the signer with the same
|
|
13
14
|
* error code the verifier raises at step 8 — failure surfaces at
|
|
@@ -52,7 +53,9 @@ type Rfc9421AdcpUse = Exclude<AdcpUse, 'governance-signing'>;
|
|
|
52
53
|
declare function assertProviderPurpose(provider: {
|
|
53
54
|
readonly keyid: string;
|
|
54
55
|
readonly adcpUse?: string;
|
|
55
|
-
}, expected: Rfc9421AdcpUse
|
|
56
|
+
}, expected: Rfc9421AdcpUse, options?: {
|
|
57
|
+
requirePurpose?: boolean;
|
|
58
|
+
}): void;
|
|
56
59
|
export { assertProviderPurpose };
|
|
57
60
|
export interface SignRequestOptions {
|
|
58
61
|
coverContentDigest?: boolean;
|
|
@@ -153,4 +156,54 @@ export declare function prepareWebhookSignature(request: RequestLike, identity:
|
|
|
153
156
|
* conformant webhooks should use this instead of hand-rolling signatures.
|
|
154
157
|
*/
|
|
155
158
|
export declare function signWebhook(request: RequestLike, key: SignerKey, options?: SignWebhookOptions): SignedRequest;
|
|
159
|
+
export interface SignResponseOptions {
|
|
160
|
+
/**
|
|
161
|
+
* Cover a `Content-Digest` of the response body. Defaults to `true` when
|
|
162
|
+
* the response has a body.
|
|
163
|
+
*/
|
|
164
|
+
coverContentDigest?: boolean;
|
|
165
|
+
/**
|
|
166
|
+
* Additional derived/header components to cover beyond
|
|
167
|
+
* {@link RESPONSE_MANDATORY_COMPONENTS}. The defaults include `@status`,
|
|
168
|
+
* `@method;req`, `@authority;req`, and `@target-uri;req`. Only the
|
|
169
|
+
* RFC 9421 `;req` component parameter is supported; other component
|
|
170
|
+
* parameters are rejected rather than silently round-tripped.
|
|
171
|
+
*/
|
|
172
|
+
additionalComponents?: ReadonlyArray<string>;
|
|
173
|
+
label?: string;
|
|
174
|
+
windowSeconds?: number;
|
|
175
|
+
now?: () => number;
|
|
176
|
+
nonce?: string;
|
|
177
|
+
/**
|
|
178
|
+
* Override the signature tag. Defaults to `adcp/response-signing/v1`.
|
|
179
|
+
*/
|
|
180
|
+
tag?: string;
|
|
181
|
+
}
|
|
182
|
+
export interface SignedResponse {
|
|
183
|
+
status: number;
|
|
184
|
+
headers: Record<string, string>;
|
|
185
|
+
signatureBase: string;
|
|
186
|
+
params: SignatureParams;
|
|
187
|
+
}
|
|
188
|
+
export interface PreparedResponseSignature {
|
|
189
|
+
status: number;
|
|
190
|
+
components: string[];
|
|
191
|
+
params: SignatureParams;
|
|
192
|
+
/**
|
|
193
|
+
* Outbound response headers including `Content-Digest` when covered, but
|
|
194
|
+
* not yet including `Signature-Input` / `Signature`.
|
|
195
|
+
*/
|
|
196
|
+
headers: Record<string, string>;
|
|
197
|
+
/** Canonical signature base bytes (UTF-8). Pass to the signer/provider. */
|
|
198
|
+
base: string;
|
|
199
|
+
label: string;
|
|
200
|
+
}
|
|
201
|
+
/**
|
|
202
|
+
* Canonicalize a response for RFC 9421 response signing. This compatibility
|
|
203
|
+
* helper is signing-only; it does not imply a generic AdCP response-verifier
|
|
204
|
+
* protocol surface.
|
|
205
|
+
*/
|
|
206
|
+
export declare function prepareResponseSignature(response: ResponseLike, identity: SignatureIdentity, options?: SignResponseOptions): PreparedResponseSignature;
|
|
207
|
+
export declare function finalizeResponseSignature(prepared: PreparedResponseSignature, signature: Uint8Array): SignedResponse;
|
|
208
|
+
export declare function signResponse(response: ResponseLike, key: SignerKey, options?: SignResponseOptions): SignedResponse;
|
|
156
209
|
//# sourceMappingURL=signer.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer.ts"],"names":[],"mappings":"AACA,OAAO,
|
|
1
|
+
{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/signer.ts"],"names":[],"mappings":"AACA,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,eAAe,EACrB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAML,KAAK,cAAc,EACnB,KAAK,WAAW,EACjB,MAAM,SAAS,CAAC;AAGjB,MAAM,WAAW,SAAS;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,SAAS,GAAG,mBAAmB,CAAC;IACrC;;;;;;;;;;;OAWG;IACH,UAAU,EAAE,cAAc,CAAC;CAC5B;AAED;;;;;;;;;;;GAWG;AACH;;;;;;;GAOG;AACH,KAAK,cAAc,GAAG,OAAO,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;AAM7D;;;;;;;;;;GAUG;AACH,iBAAS,qBAAqB,CAC5B,QAAQ,EAAE;IAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,EAC/D,QAAQ,EAAE,cAAc,EACxB,OAAO,GAAE;IAAE,cAAc,CAAC,EAAE,OAAO,CAAA;CAAO,GACzC,IAAI,CAGN;AA0BD,OAAO,EAAE,qBAAqB,EAAE,CAAC;AAEjC,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,eAAe,CAAC;CACzB;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,WAAW,CAAC;CAClB;AAED;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,eAAe,CAAC;IACxB;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,2EAA2E;IAC3E,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,GAAE,kBAAuB,GAC/B,wBAAwB,CA8B1B;AAED;;;;;;;;;GASG;AACH,wBAAgB,wBAAwB,CAAC,QAAQ,EAAE,wBAAwB,EAAE,SAAS,EAAE,UAAU,GAAG,aAAa,CAMjH;AAED,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,GAAE,kBAAuB,GAAG,aAAa,CAKjH;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,WAAW,EACpB,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,GAAE,kBAAuB,GAC/B,wBAAwB,CAuB1B;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,GAAE,kBAAuB,GAAG,aAAa,CAKjH;AAED,MAAM,WAAW,mBAAmB;IAClC;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;;OAMG;IACH,oBAAoB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,eAAe,CAAC;CACzB;AAED,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,MAAM,EAAE,eAAe,CAAC;IACxB;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,2EAA2E;IAC3E,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,wBAAgB,wBAAwB,CACtC,QAAQ,EAAE,YAAY,EACtB,QAAQ,EAAE,iBAAiB,EAC3B,OAAO,GAAE,mBAAwB,GAChC,yBAAyB,CAmC3B;AAED,wBAAgB,yBAAyB,CAAC,QAAQ,EAAE,yBAAyB,EAAE,SAAS,EAAE,UAAU,GAAG,cAAc,CAMpH;AAED,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,YAAY,EACtB,GAAG,EAAE,SAAS,EACd,OAAO,GAAE,mBAAwB,GAChC,cAAc,CAKhB"}
|
|
@@ -6,6 +6,9 @@ exports.finalizeRequestSignature = finalizeRequestSignature;
|
|
|
6
6
|
exports.signRequest = signRequest;
|
|
7
7
|
exports.prepareWebhookSignature = prepareWebhookSignature;
|
|
8
8
|
exports.signWebhook = signWebhook;
|
|
9
|
+
exports.prepareResponseSignature = prepareResponseSignature;
|
|
10
|
+
exports.finalizeResponseSignature = finalizeResponseSignature;
|
|
11
|
+
exports.signResponse = signResponse;
|
|
9
12
|
const crypto_1 = require("crypto");
|
|
10
13
|
const canonicalize_1 = require("./canonicalize");
|
|
11
14
|
const content_digest_1 = require("./content-digest");
|
|
@@ -26,8 +29,8 @@ function assertKeyPurpose(key, expected) {
|
|
|
26
29
|
* (`signRequestAsync` / `signWebhookAsync`) then enforce the binding
|
|
27
30
|
* parallel to the sync path.
|
|
28
31
|
*/
|
|
29
|
-
function assertProviderPurpose(provider, expected) {
|
|
30
|
-
if (provider.adcpUse === undefined)
|
|
32
|
+
function assertProviderPurpose(provider, expected, options = {}) {
|
|
33
|
+
if (provider.adcpUse === undefined && !options.requirePurpose)
|
|
31
34
|
return;
|
|
32
35
|
throwIfPurposeMismatch(provider.keyid, provider.adcpUse, expected);
|
|
33
36
|
}
|
|
@@ -42,6 +45,8 @@ function throwIfPurposeMismatch(keyid, actual, expected) {
|
|
|
42
45
|
throw new errors_1.RequestSignatureError('request_signature_key_purpose_invalid', 8, message);
|
|
43
46
|
case 'webhook-signing':
|
|
44
47
|
throw new errors_1.WebhookSignatureError('webhook_signature_key_purpose_invalid', 8, message);
|
|
48
|
+
case 'response-signing':
|
|
49
|
+
throw new errors_1.ResponseSignatureError('response_signature_key_purpose_invalid', 8, message);
|
|
45
50
|
default: {
|
|
46
51
|
// Compile-time exhaustiveness: a future widening of `Rfc9421AdcpUse`
|
|
47
52
|
// (typically because `AdcpUse` grew an RFC-9421 member) must add a
|
|
@@ -161,6 +166,58 @@ function signWebhook(request, key, options = {}) {
|
|
|
161
166
|
const signature = produceSignature(key, Buffer.from(prepared.base, 'utf8'));
|
|
162
167
|
return finalizeRequestSignature(prepared, signature);
|
|
163
168
|
}
|
|
169
|
+
/**
|
|
170
|
+
* Canonicalize a response for RFC 9421 response signing. This compatibility
|
|
171
|
+
* helper is signing-only; it does not imply a generic AdCP response-verifier
|
|
172
|
+
* protocol surface.
|
|
173
|
+
*/
|
|
174
|
+
function prepareResponseSignature(response, identity, options = {}) {
|
|
175
|
+
const now = options.now ? options.now() : Math.floor(Date.now() / 1000);
|
|
176
|
+
const windowSeconds = Math.min(options.windowSeconds ?? 300, types_1.MAX_SIGNATURE_WINDOW_SECONDS);
|
|
177
|
+
const nonce = options.nonce ?? base64UrlRandom(16);
|
|
178
|
+
const label = options.label ?? 'sig1';
|
|
179
|
+
const hasBody = (response.body ?? '').length > 0;
|
|
180
|
+
const coverDigest = (options.coverContentDigest ?? true) && hasBody;
|
|
181
|
+
const headers = { ...flattenHeaders(response.headers) };
|
|
182
|
+
if (coverDigest) {
|
|
183
|
+
headers['Content-Digest'] = (0, content_digest_1.computeContentDigest)(response.body ?? '');
|
|
184
|
+
}
|
|
185
|
+
const components = [...types_1.RESPONSE_MANDATORY_COMPONENTS];
|
|
186
|
+
if (hasBody)
|
|
187
|
+
components.push('content-type');
|
|
188
|
+
if (coverDigest)
|
|
189
|
+
components.push('content-digest');
|
|
190
|
+
if (options.additionalComponents) {
|
|
191
|
+
for (const component of options.additionalComponents) {
|
|
192
|
+
if (!components.includes(component))
|
|
193
|
+
components.push(component);
|
|
194
|
+
}
|
|
195
|
+
}
|
|
196
|
+
const params = {
|
|
197
|
+
created: now,
|
|
198
|
+
expires: now + windowSeconds,
|
|
199
|
+
nonce,
|
|
200
|
+
keyid: identity.keyid,
|
|
201
|
+
alg: identity.alg,
|
|
202
|
+
tag: options.tag ?? types_1.RESPONSE_SIGNING_TAG,
|
|
203
|
+
};
|
|
204
|
+
const normalizedResponse = { ...response, headers };
|
|
205
|
+
const base = (0, canonicalize_1.buildResponseSignatureBase)(components, normalizedResponse, params);
|
|
206
|
+
return { status: response.status, components, params, headers, base, label };
|
|
207
|
+
}
|
|
208
|
+
function finalizeResponseSignature(prepared, signature) {
|
|
209
|
+
const headers = { ...prepared.headers };
|
|
210
|
+
const sigB64 = Buffer.from(signature).toString('base64url');
|
|
211
|
+
headers['Signature-Input'] = `${prepared.label}=${(0, canonicalize_1.formatSignatureParams)(prepared.components, prepared.params)}`;
|
|
212
|
+
headers['Signature'] = `${prepared.label}=:${sigB64}:`;
|
|
213
|
+
return { status: prepared.status, headers, signatureBase: prepared.base, params: prepared.params };
|
|
214
|
+
}
|
|
215
|
+
function signResponse(response, key, options = {}) {
|
|
216
|
+
assertKeyPurpose(key, 'response-signing');
|
|
217
|
+
const prepared = prepareResponseSignature(response, { keyid: key.keyid, alg: key.alg }, options);
|
|
218
|
+
const signature = produceSignature(key, Buffer.from(prepared.base, 'utf8'));
|
|
219
|
+
return finalizeResponseSignature(prepared, signature);
|
|
220
|
+
}
|
|
164
221
|
function produceSignature(key, data) {
|
|
165
222
|
const privateKey = (0, crypto_1.createPrivateKey)({
|
|
166
223
|
key: key.privateKey,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../../src/lib/signing/signer.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"signer.js","sourceRoot":"","sources":["../../../src/lib/signing/signer.ts"],"names":[],"mappings":";;AA+GS,sDAAqB;AA4D9B,0DAkCC;AAYD,4DAMC;AAED,kCAKC;AA0BD,0DA2BC;AASD,kCAKC;AAoDD,4DAuCC;AAED,8DAMC;AAED,oCASC;AAvZD,mCAA0F;AAC1F,iDAOwB;AACxB,qDAAwD;AACxD,qCAAgG;AAEhG,mCAQiB;AACjB,yDAAuF;AA0CvF,SAAS,gBAAgB,CAAC,GAAc,EAAE,QAAwB;IAChE,sBAAsB,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,UAAU,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACvE,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,qBAAqB,CAC5B,QAA+D,EAC/D,QAAwB,EACxB,UAAwC,EAAE;IAE1C,IAAI,QAAQ,CAAC,OAAO,KAAK,SAAS,IAAI,CAAC,OAAO,CAAC,cAAc;QAAE,OAAO;IACtE,sBAAsB,CAAC,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,sBAAsB,CAAC,KAAa,EAAE,MAA0B,EAAE,QAAwB;IACjG,IAAI,MAAM,KAAK,QAAQ;QAAE,OAAO;IAChC,MAAM,OAAO,GACX,gBAAgB,KAAK,kBAAkB,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,MAAM,GAAG,GAAG;QAC5F,4BAA4B,QAAQ,6BAA6B,QAAQ,QAAQ;QACjF,6BAA6B,QAAQ,+DAA+D,CAAC;IACvG,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,iBAAiB;YACpB,MAAM,IAAI,8BAAqB,CAAC,uCAAuC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QACvF,KAAK,iBAAiB;YACpB,MAAM,IAAI,8BAAqB,CAAC,uCAAuC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QACvF,KAAK,kBAAkB;YACrB,MAAM,IAAI,+BAAsB,CAAC,wCAAwC,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;QACzF,OAAO,CAAC,CAAC,CAAC;YACR,qEAAqE;YACrE,mEAAmE;YACnE,oEAAoE;YACpE,6CAA6C;YAC7C,MAAM,WAAW,GAAU,QAAQ,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,0CAA0C,WAAW,GAAG,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;AACH,CAAC;AAgDD;;;;;;;;;;;;;GAaG;AACH,SAAgB,uBAAuB,CACrC,OAAoB,EACpB,QAA2B,EAC3B,UAA8B,EAAE;IAEhC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,GAAG,EAAE,oCAA4B,CAAC,CAAC;IAC3F,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAEhD,MAAM,WAAW,GAAG,OAAO,CAAC,kBAAkB,KAAK,IAAI,IAAI,OAAO,CAAC;IACnE,MAAM,OAAO,GAA2B,EAAE,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;IAC/E,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAA,qCAAoB,EAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,GAAG,4BAAoB,CAAC,CAAC;IAC7C,IAAI,OAAO;QAAE,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7C,IAAI,WAAW;QAAE,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAoB;QAC9B,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG,GAAG,aAAa;QAC5B,KAAK;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;QACjB,GAAG,EAAE,2BAAmB;KACzB,CAAC;IAEF,MAAM,iBAAiB,GAAgB,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAA,iCAAkB,EAAC,UAAU,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;IAEvE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,wBAAwB,CAAC,QAAkC,EAAE,SAAqB;IAChG,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,OAAO,CAAC,iBAAiB,CAAC,GAAG,GAAG,QAAQ,CAAC,KAAK,IAAI,IAAA,oCAAqB,EAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;IAChH,OAAO,CAAC,WAAW,CAAC,GAAG,GAAG,QAAQ,CAAC,KAAK,KAAK,MAAM,GAAG,CAAC;IACvD,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AAC5E,CAAC;AAED,SAAgB,WAAW,CAAC,OAAoB,EAAE,GAAc,EAAE,UAA8B,EAAE;IAChG,gBAAgB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/F,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5E,OAAO,wBAAwB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAeD;;;;;;;;;;GAUG;AACH,SAAgB,uBAAuB,CACrC,OAAoB,EACpB,QAA2B,EAC3B,UAA8B,EAAE;IAEhC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,GAAG,EAAE,oCAA4B,CAAC,CAAC;IAC3F,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IAEtC,MAAM,OAAO,GAA2B,EAAE,GAAG,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;IAC/E,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAA,qCAAoB,EAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAErE,MAAM,UAAU,GAAG,CAAC,GAAG,+CAA4B,CAAC,CAAC;IACrD,MAAM,MAAM,GAAoB;QAC9B,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG,GAAG,aAAa;QAC5B,KAAK;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;QACjB,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,sCAAmB;KACxC,CAAC;IAEF,MAAM,iBAAiB,GAAgB,EAAE,GAAG,OAAO,EAAE,OAAO,EAAE,CAAC;IAC/D,MAAM,IAAI,GAAG,IAAA,iCAAkB,EAAC,UAAU,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;IAEvE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACtD,CAAC;AAED;;;;;;GAMG;AACH,SAAgB,WAAW,CAAC,OAAoB,EAAE,GAAc,EAAE,UAA8B,EAAE;IAChG,gBAAgB,CAAC,GAAG,EAAE,iBAAiB,CAAC,CAAC;IACzC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/F,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5E,OAAO,wBAAwB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AA+CD;;;;GAIG;AACH,SAAgB,wBAAwB,CACtC,QAAsB,EACtB,QAA2B,EAC3B,UAA+B,EAAE;IAEjC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACxE,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,GAAG,EAAE,oCAA4B,CAAC,CAAC;IAC3F,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,MAAM,CAAC;IACtC,MAAM,OAAO,GAAG,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,kBAAkB,IAAI,IAAI,CAAC,IAAI,OAAO,CAAC;IAEpE,MAAM,OAAO,GAA2B,EAAE,GAAG,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;IAChF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAA,qCAAoB,EAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,UAAU,GAAG,CAAC,GAAG,qCAA6B,CAAC,CAAC;IACtD,IAAI,OAAO;QAAE,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC7C,IAAI,WAAW;QAAE,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;IACnD,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;QACjC,KAAK,MAAM,SAAS,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YACrD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAAE,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAoB;QAC9B,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG,GAAG,aAAa;QAC5B,KAAK;QACL,KAAK,EAAE,QAAQ,CAAC,KAAK;QACrB,GAAG,EAAE,QAAQ,CAAC,GAAG;QACjB,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,4BAAoB;KACzC,CAAC;IAEF,MAAM,kBAAkB,GAAiB,EAAE,GAAG,QAAQ,EAAE,OAAO,EAAE,CAAC;IAClE,MAAM,IAAI,GAAG,IAAA,yCAA0B,EAAC,UAAU,EAAE,kBAAkB,EAAE,MAAM,CAAC,CAAC;IAEhF,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AAC/E,CAAC;AAED,SAAgB,yBAAyB,CAAC,QAAmC,EAAE,SAAqB;IAClG,MAAM,OAAO,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAC5D,OAAO,CAAC,iBAAiB,CAAC,GAAG,GAAG,QAAQ,CAAC,KAAK,IAAI,IAAA,oCAAqB,EAAC,QAAQ,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;IAChH,OAAO,CAAC,WAAW,CAAC,GAAG,GAAG,QAAQ,CAAC,KAAK,KAAK,MAAM,GAAG,CAAC;IACvD,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC;AACrG,CAAC;AAED,SAAgB,YAAY,CAC1B,QAAsB,EACtB,GAAc,EACd,UAA+B,EAAE;IAEjC,gBAAgB,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;IAC1C,MAAM,QAAQ,GAAG,wBAAwB,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;IACjG,MAAM,SAAS,GAAG,gBAAgB,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC;IAC5E,OAAO,yBAAyB,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAc,EAAE,IAAY;IACpD,MAAM,UAAU,GAAG,IAAA,yBAAgB,EAAC;QAClC,GAAG,EAAE,GAAG,CAAC,UAAwB;QACjC,MAAM,EAAE,KAAK;KACd,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,IAAI,UAAU,CAAC,IAAA,aAAQ,EAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,IAAI,UAAU,CAAC,IAAA,aAAQ,EAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;AAClG,CAAC;AAED,SAAS,cAAc,CAAC,OAAsD;IAC5E,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,IAAI,CAAC,KAAK,SAAS;YAAE,SAAS;QAC9B,wEAAwE;QACxE,4EAA4E;QAC5E,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IACjF,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,UAAkB;IACzC,OAAO,IAAA,oBAAW,EAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAChH,CAAC"}
|
|
@@ -81,8 +81,7 @@ export interface MintEphemeralEd25519KeyOptions {
|
|
|
81
81
|
kid?: string;
|
|
82
82
|
/**
|
|
83
83
|
* AdCP purpose binding tagged on both JWKs. Accepts every member of
|
|
84
|
-
* {@link AdcpUse} — see that type for the canonical list
|
|
85
|
-
* `'webhook-signing'`, `'request-signing'`, and `'governance-signing'`).
|
|
84
|
+
* {@link AdcpUse} — see that type for the canonical list.
|
|
86
85
|
* Defaults to `'webhook-signing'`.
|
|
87
86
|
*
|
|
88
87
|
* For production request-signing keys use `pemToAdcpJwk()` or a KMS-backed
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/testing.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAiB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3D;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B,gCAAgC,CAAC;AAExE,MAAM,WAAW,8BAA8B;IAC7C,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,SAAS,EAAE,WAAW,CAAC;IACvB,4CAA4C;IAC5C,UAAU,EAAE,cAAc,CAAC;IAC3B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAiB;gBAEhC,OAAO,EAAE,8BAA8B;IAoC7C,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;CAQrD;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,SAAS,GAAG,eAAe,CAMnE;AAED,MAAM,WAAW,mBAAmB;IAClC,uCAAuC;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,SAAS,EAAE,WAAW,CAAC;IACvB,kFAAkF;IAClF,SAAS,EAAE,cAAc,CAAC;IAC1B;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAC;CAC5B;AAED,MAAM,WAAW,8BAA8B;IAC7C;;;;;OAKG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb
|
|
1
|
+
{"version":3,"file":"testing.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/testing.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAiB,KAAK,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3D;;;;;GAKG;AACH,eAAO,MAAM,0BAA0B,gCAAgC,CAAC;AAExE,MAAM,WAAW,8BAA8B;IAC7C,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,sEAAsE;IACtE,SAAS,EAAE,WAAW,CAAC;IACvB,4CAA4C;IAC5C,UAAU,EAAE,cAAc,CAAC;IAC3B;;;;;;;OAOG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;GAUG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC7D,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,WAAW,CAAC;IAChC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAiB;gBAEhC,OAAO,EAAE,8BAA8B;IAoC7C,IAAI,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;CAQrD;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,SAAS,GAAG,eAAe,CAMnE;AAED,MAAM,WAAW,mBAAmB;IAClC,uCAAuC;IACvC,GAAG,EAAE,MAAM,CAAC;IACZ;;;;OAIG;IACH,SAAS,EAAE,WAAW,CAAC;IACvB,kFAAkF;IAClF,SAAS,EAAE,cAAc,CAAC;IAC1B;;;;OAIG;IACH,UAAU,EAAE,cAAc,CAAC;CAC5B;AAED,MAAM,WAAW,8BAA8B;IAC7C;;;;;OAKG;IACH,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;;;;;;;OAOG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAsB,uBAAuB,CAAC,IAAI,CAAC,EAAE,8BAA8B,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAqCjH"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"testing.js","sourceRoot":"","sources":["../../../src/lib/signing/testing.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsGA,kDAMC;
|
|
1
|
+
{"version":3,"file":"testing.js","sourceRoot":"","sources":["../../../src/lib/signing/testing.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAsGA,kDAMC;AAkED,0DAqCC;AAnND,6CAA0G;AAG1G,iDAA6D;AAG7D;;;;;GAKG;AACU,QAAA,0BAA0B,GAAG,6BAA6B,CAAC;AAoBxE;;;;;;;;;;GAUG;AACH,MAAa,uBAAuB;IACzB,KAAK,CAAS;IACd,SAAS,CAAc;IACvB,WAAW,CAAS;IACpB,OAAO,CAAU;IACT,UAAU,CAAiB;IAE5C,YAAY,OAAuC;QACjD,+DAA+D;QAC/D,gEAAgE;QAChE,oEAAoE;QACpE,yEAAyE;QACzE,uEAAuE;QACvE,WAAW;QACX,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE,KAAK,YAAY,CAAC;QAC1E,IAAI,YAAY,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,kCAA0B,CAAC,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CACb,sDAAsD,kCAA0B,qBAAqB;gBACnG,iFAAiF,CACpF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAC1B,MAAM,IAAI,SAAS,CAAC,2EAA2E,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,qEAAqE;QACrE,uEAAuE;QACvE,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;QAC3C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,CAAC,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QACpF,0EAA0E;QAC1E,wEAAwE;QACxE,yEAAyE;QACzE,iCAAiC;QACjC,IAAI,CAAC,WAAW,GAAG,IAAA,wBAAU,EAAC,QAAQ,CAAC;aACpC,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;aACrB,MAAM,CAAC,IAAI,CAAC;aACZ,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAW,CAAC;aACtC,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,OAAmB;QAC5B,MAAM,UAAU,GAAG,IAAA,8BAAgB,EAAC,EAAE,GAAG,EAAE,IAAI,CAAC,UAAwB,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3F,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;YACjC,OAAO,IAAI,UAAU,CAAC,IAAA,kBAAQ,EAAC,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QAC1D,CAAC;QACD,OAAO,IAAI,UAAU,CAAC,IAAA,kBAAQ,EAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IAClG,CAAC;CACF;AAnDD,0DAmDC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,GAAc;IAChD,OAAO,IAAI,uBAAuB,CAAC;QACjC,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,SAAS,EAAE,GAAG,CAAC,GAAG;QAClB,UAAU,EAAE,GAAG,CAAC,UAAU;KAC3B,CAAC,CAAC;AACL,CAAC;AAwCD;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACI,KAAK,UAAU,uBAAuB,CAAC,IAAqC;IACjF,MAAM,WAAW,GAAG,IAAI,EAAE,GAAG,IAAI,IAAA,wBAAU,GAAE,CAAC;IAC9C,MAAM,OAAO,GAAY,IAAI,EAAE,QAAQ,IAAI,iBAAiB,CAAC;IAC7D,IAAA,4BAAa,EAAC,OAAO,EAAE,yBAAyB,CAAC,CAAC;IAClD,MAAM,EAAE,eAAe,EAAE,SAAS,EAAE,GAAG,wDAAa,MAAM,GAAC,CAAC;IAC5D,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,MAAM,eAAe,CAAC,OAAO,EAAE;QACtF,GAAG,EAAE,SAAS;QACd,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAE3F,IAAI,CAAC,MAAM,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;IAC3G,IAAI,CAAC,OAAO,CAAC,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;IAE7G,MAAM,SAAS,GAAmB;QAChC,GAAI,MAAkC;QACtC,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,CAAC,QAAQ,CAAC;KACpB,CAAC;IAEF,MAAM,UAAU,GAAmB;QACjC,GAAI,OAAmC;QACvC,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,KAAK;QACV,QAAQ,EAAE,OAAO;QACjB,4EAA4E;QAC5E,qFAAqF;QACrF,OAAO,EAAE,CAAC,MAAM,CAAC;KAClB,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC;AAC3E,CAAC"}
|
|
@@ -84,6 +84,7 @@ export type VerifyResult = ({
|
|
|
84
84
|
verified_at: number;
|
|
85
85
|
};
|
|
86
86
|
export declare const REQUEST_SIGNING_TAG = "adcp/request-signing/v1";
|
|
87
|
+
export declare const RESPONSE_SIGNING_TAG = "adcp/response-signing/v1";
|
|
87
88
|
export declare const ALLOWED_ALGS: Set<string>;
|
|
88
89
|
/**
|
|
89
90
|
* Wire-format algorithm identifier — the string that appears in
|
|
@@ -93,4 +94,5 @@ export type AdcpSignAlg = 'ed25519' | 'ecdsa-p256-sha256';
|
|
|
93
94
|
export declare const MAX_SIGNATURE_WINDOW_SECONDS = 300;
|
|
94
95
|
export declare const CLOCK_SKEW_TOLERANCE_SECONDS = 60;
|
|
95
96
|
export declare const MANDATORY_COMPONENTS: ReadonlyArray<string>;
|
|
97
|
+
export declare const RESPONSE_MANDATORY_COMPONENTS: ReadonlyArray<string>;
|
|
96
98
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,mBAAmB,GAAG,UAAU,GAAG,WAAW,GAAG,QAAQ,CAAC;AAEtE,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,qBAAqB,EAAE,mBAAmB,CAAC;IAC3C,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;;;OAIG;IACH,6BAA6B,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1C;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,+CAA+C;IAC/C,CAAC,CAAC,EAAE,MAAM,CAAC;IACX;;;;;OAKG;IACH,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC;IAAE,MAAM,EAAE,UAAU,CAAA;CAAE,GAAG,cAAc,CAAC,GAAG;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnH,eAAO,MAAM,mBAAmB,4BAA4B,CAAC;AAC7D,eAAO,MAAM,YAAY,aAA4C,CAAC;AACtE;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,mBAAmB,CAAC;AAC1D,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAChD,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAC/C,eAAO,MAAM,oBAAoB,EAAE,aAAa,CAAC,MAAM,CAA4C,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/lib/signing/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,mBAAmB,GAAG,UAAU,GAAG,WAAW,GAAG,QAAQ,CAAC;AAEtE,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,OAAO,CAAC;IACnB,qBAAqB,EAAE,mBAAmB,CAAC;IAC3C,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB;;;;;;OAMG;IACH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IACzB;;;;OAIG;IACH,6BAA6B,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1C;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,oEAAoE;IACpE,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,+CAA+C;IAC/C,CAAC,CAAC,EAAE,MAAM,CAAC;IACX;;;;;OAKG;IACH,CAAC,CAAC,EAAE,MAAM,CAAC;IACX,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,YAAY,EAAE,MAAM,EAAE,CAAC;CACxB;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,YAAY,GAAG,CAAC;IAAE,MAAM,EAAE,UAAU,CAAA;CAAE,GAAG,cAAc,CAAC,GAAG;IAAE,MAAM,EAAE,UAAU,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC;AAEnH,eAAO,MAAM,mBAAmB,4BAA4B,CAAC;AAC7D,eAAO,MAAM,oBAAoB,6BAA6B,CAAC;AAC/D,eAAO,MAAM,YAAY,aAA4C,CAAC;AACtE;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,SAAS,GAAG,mBAAmB,CAAC;AAC1D,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAChD,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAC/C,eAAO,MAAM,oBAAoB,EAAE,aAAa,CAAC,MAAM,CAA4C,CAAC;AACpG,eAAO,MAAM,6BAA6B,EAAE,aAAa,CAAC,MAAM,CAK/D,CAAC"}
|
|
@@ -1,9 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.ALLOWED_ALGS = exports.REQUEST_SIGNING_TAG = void 0;
|
|
3
|
+
exports.RESPONSE_MANDATORY_COMPONENTS = exports.MANDATORY_COMPONENTS = exports.CLOCK_SKEW_TOLERANCE_SECONDS = exports.MAX_SIGNATURE_WINDOW_SECONDS = exports.ALLOWED_ALGS = exports.RESPONSE_SIGNING_TAG = exports.REQUEST_SIGNING_TAG = void 0;
|
|
4
4
|
exports.REQUEST_SIGNING_TAG = 'adcp/request-signing/v1';
|
|
5
|
+
exports.RESPONSE_SIGNING_TAG = 'adcp/response-signing/v1';
|
|
5
6
|
exports.ALLOWED_ALGS = new Set(['ed25519', 'ecdsa-p256-sha256']);
|
|
6
7
|
exports.MAX_SIGNATURE_WINDOW_SECONDS = 300;
|
|
7
8
|
exports.CLOCK_SKEW_TOLERANCE_SECONDS = 60;
|
|
8
9
|
exports.MANDATORY_COMPONENTS = ['@method', '@target-uri', '@authority'];
|
|
10
|
+
exports.RESPONSE_MANDATORY_COMPONENTS = [
|
|
11
|
+
'@status',
|
|
12
|
+
'@method;req',
|
|
13
|
+
'@authority;req',
|
|
14
|
+
'@target-uri;req',
|
|
15
|
+
];
|
|
9
16
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/lib/signing/types.ts"],"names":[],"mappings":";;;AAsFa,QAAA,mBAAmB,GAAG,yBAAyB,CAAC;AAChD,QAAA,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC;AAMzD,QAAA,4BAA4B,GAAG,GAAG,CAAC;AACnC,QAAA,4BAA4B,GAAG,EAAE,CAAC;AAClC,QAAA,oBAAoB,GAA0B,CAAC,SAAS,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC"}
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/lib/signing/types.ts"],"names":[],"mappings":";;;AAsFa,QAAA,mBAAmB,GAAG,yBAAyB,CAAC;AAChD,QAAA,oBAAoB,GAAG,0BAA0B,CAAC;AAClD,QAAA,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAC,CAAC;AAMzD,QAAA,4BAA4B,GAAG,GAAG,CAAC;AACnC,QAAA,4BAA4B,GAAG,EAAE,CAAC;AAClC,QAAA,oBAAoB,GAA0B,CAAC,SAAS,EAAE,aAAa,EAAE,YAAY,CAAC,CAAC;AACvF,QAAA,6BAA6B,GAA0B;IAClE,SAAS;IACT,aAAa;IACb,gBAAgB;IAChB,iBAAiB;CAClB,CAAC"}
|
package/dist/lib/version.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* AdCP SDK library version
|
|
3
3
|
*/
|
|
4
|
-
export declare const LIBRARY_VERSION = "8.1.0-beta.
|
|
4
|
+
export declare const LIBRARY_VERSION = "8.1.0-beta.16";
|
|
5
5
|
/**
|
|
6
6
|
* AdCP specification version this library is built for
|
|
7
7
|
*/
|
|
@@ -33,10 +33,10 @@ export type AdcpVersion = (typeof COMPATIBLE_ADCP_VERSIONS)[number];
|
|
|
33
33
|
* Full version information
|
|
34
34
|
*/
|
|
35
35
|
export declare const VERSION_INFO: {
|
|
36
|
-
readonly library: "8.1.0-beta.
|
|
36
|
+
readonly library: "8.1.0-beta.16";
|
|
37
37
|
readonly adcp: "3.1.0-beta.7";
|
|
38
38
|
readonly compatibleVersions: readonly ["v2.5", "v2.6", "v3", "3.0.0-beta.1", "3.0.0-beta.3", "3.1.0-beta.1", "3.1.0-beta.2", "3.1.0-beta.3", "3.1.0-beta.5", "3.1.0-beta.7", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.0.7", "3.0.8", "3.0.9", "3.0.10", "3.0.11", "3.0.12"];
|
|
39
|
-
readonly generatedAt: "2026-05-
|
|
39
|
+
readonly generatedAt: "2026-05-28T23:03:56.878Z";
|
|
40
40
|
};
|
|
41
41
|
/**
|
|
42
42
|
* Get the AdCP specification version this library is built for
|
package/dist/lib/version.js
CHANGED
|
@@ -12,7 +12,7 @@ exports.toReleasePrecisionVersion = toReleasePrecisionVersion;
|
|
|
12
12
|
/**
|
|
13
13
|
* AdCP SDK library version
|
|
14
14
|
*/
|
|
15
|
-
exports.LIBRARY_VERSION = '8.1.0-beta.
|
|
15
|
+
exports.LIBRARY_VERSION = '8.1.0-beta.16';
|
|
16
16
|
/**
|
|
17
17
|
* AdCP specification version this library is built for
|
|
18
18
|
*/
|
|
@@ -59,10 +59,10 @@ exports.COMPATIBLE_ADCP_VERSIONS = [
|
|
|
59
59
|
* Full version information
|
|
60
60
|
*/
|
|
61
61
|
exports.VERSION_INFO = {
|
|
62
|
-
library: '8.1.0-beta.
|
|
62
|
+
library: '8.1.0-beta.16',
|
|
63
63
|
adcp: '3.1.0-beta.7',
|
|
64
64
|
compatibleVersions: exports.COMPATIBLE_ADCP_VERSIONS,
|
|
65
|
-
generatedAt: '2026-05-
|
|
65
|
+
generatedAt: '2026-05-28T23:03:56.878Z',
|
|
66
66
|
};
|
|
67
67
|
/**
|
|
68
68
|
* Get the AdCP specification version this library is built for
|